Re: Secure Sessions and HTTPS

Mozilla (and Firefox) has a Developer tool that lets you see live HTTP headers. That may help you, but it may not. Take a look at the source of the page. You are on a non-secured page, POSTing data to a secured page. (I always hate this set-up, but not enough people seem to care about the security threat here.) It's very likely that there is actually JavaScript on the page with an onSubmit() or onClick() action that does the actual form POST.

Hope you are successful.

Ivan Heffner
Sr. Software Engineer, DAS Lead
WhitePages.com, Inc.

Comment on Re: Secure Sessions and HTTPS

Replies are listed 'Best First'.
Re^2: Secure Sessions and HTTPS by jamesjyu (Acolyte) on Dec 13, 2005 at 22:21 UTC
Nope, no javascript, the code for the posting is simply this: `<form action="https://www.mbnanetaccess.com/NASApp/NetAccess/Login" me +thod="post"> <strong>Login Name:</strong><br /> <input type="text" name="username" value="" maxlength="32" id="usernam +e" class="da"/><br /> <strong>Password:</strong><br /> <input type="password" name="password" value="" maxlength="32" class=" +da" /><br /> <input type="image" src="images/login.gif" class="login" name="submit" + /> </form>` [download]	[reply] [d/l]

Replies are listed 'Best First'.

Re^2: Secure Sessions and HTTPS
by jamesjyu (Acolyte) on Dec 13, 2005 at 22:21 UTC

<form action="https://www.mbnanetaccess.com/NASApp/NetAccess/Login" me
+thod="post">
<strong>Login Name:</strong><br />
<input type="text" name="username" value="" maxlength="32" id="usernam
+e" class="da"/><br />
<strong>Password:</strong><br />
<input type="password" name="password" value="" maxlength="32" class="
+da" /><br />
<input type="image" src="images/login.gif" class="login" name="submit"
+ />
</form>
[download]

[reply]
[d/l]