And here's a little more info for you too.
Get your own SSL certificate (perhaps at
and be sure you have a Web host that will install it so that you don't have to switch servers and lose session variables.
Then you can access any of your pages with https instead of http.
But if you have SSL for your Web site that doesn't mean that everyone HAS to go in with https URL's. They can go in with http URL's too. So on the pages you want protected you may want to see how a user is coming in and redirect to https if needed...
For instance at my site only the sample Web database used to use SSL although SSL was available for the whole site.
But a tricky thing is that on your SSL pages you're going to want to be sure that all filepaths for included files and even images all use https and not http (or nothing because http is then assumed) otherwise the user will probably get a message from his browser saying there is secure and unsecure information on the page.
If you use secured pages on a different server you many want to find some way (such as by posting or via querystring) to pass in values such as for a shopping cart without using session variables. Or if you have access to the database from each server, you could store things in the database as a way of moving info from non-secured to secured pages or back again.
Best regards,
J. Paul Schmidt
- Freelance ASP Web Developer
- ASP Web Developer Tips