Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE - keep user on SSL only if logged in

Hi everyone

We have a complicated scenario which we need to achieve using the ACE4710. This is what we want to achieve:

1) User browses to site

2) User logs in and login is posted to secure path

3) Once the user is logged in, all subsequent requests to* need to be redirected to*. In other words, once the user has accessed /myaccount within the session, all further requests must be SSL, no matter which page on the site they are on.

Is this possible with the ACE?


Cisco Employee

Re: ACE - keep user on SSL only if logged in

ACE has no knowledge about what happened in a previous connection.

All you can do is inspect the header of the new http request and identify some information which could identify if the user is logged in or not.

For example, if the server sets a particular cookie when the client is logged in, you can check the presence of this cookie to determine if the client is connected and send the redirect to https.

BUT, since the client will potentially keep the same cookie, even if he logs out, then ace will continue redirecting the client to https.

Only the server has the complete knowledge of the client state.

So the redirect should come from the server.