Forum Discussion
Kevin_Stewart
Oct 05, 2015Employee
The code looks fine, but seems very specific to a given URI. How does the loop manifest? Do you have a client side capture that shows the looping URLs?
On another note, by nature of doing SSL in the first place, I have to assume you have something you want to protect. It is also very likely that allowing HTTP and HTTPS access to the same site creates information leakage - session cookies and other information in the HTTPS content can bleed over into the HTTP content. I can completely understand the desire to not require encryption for some otherwise trivial content, but for the sake of the content (and users) you're trying to protect it may be worthwhile to consider an "all or nothing" approach to SSL.