Re: doesn't redirect

"Guy" <Guy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:0585791C-D70A-487E-A547-20C727A88F3A@xxxxxxxxxxxxxxxx 

"Vanguard" wrote:

"Guy" <Guy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B8367991-DD14-4843-B7AD-9878AF9BBC45@xxxxxxxxxxxxxxxx
> examples of sites that try to redirect me and fail are yahoo and > hotmail.

So are you talking about YOU clicking on URL links in their pages? Yahoo
and Hotmail have many pages and URLs. Could you be specific by giving a URL
that *you* enter and the URL where you end up (i.e., where you started and
where you got redirected). 

after I enter info on the hotmail login site I get directed towards a page
that looks empty and it stops there the contents of the page are this :

<html><head><script
type="text/javascript">top.location.replace("http://www.hotmail.msn.com/cgi-bin/sbox?t=XXX&p=XXXlc=XXX&id=XXX";);function OnBack(){}</script></head></html>


> My browser has no 'meta-refresh' setting under internet > settings/advanced.

That's the general options page and doesn't have any *security* settings per
se. Look under the Security tab. That is where security zones are defined.
One of them is called the Internet zone and probably the one you are using. 

Ok. I see the meta-refresh setting now. It is enabled.

> "Vanguard" wrote:
>
>> "Guy" <Guy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:B305C9BC-B7C9-4D4F-A7D9-F0D08E2D140E@xxxxxxxxxxxxxxxx
>> > The zone is internet. My security level is medium for this zone. It >> > is
>> > on
>> > the
>> > default settings. I don't know whether meta-refresh is enabled.
>>
>>
>> You won't until you actually look. Click on the button to customize >> the
>> settings (you don't need to save any changes, especially if you don't
>> make
>> any to just see what they currently are). I've customized my settings
>> (to
>> be more stringent) and am not going to record them all to see what >> values
>> are used in the Medium level. As I recall, meta-refresh should be
>> enabled
>> in Medium level.
>>
>> So *if* meta-refresh is enabled, just WHAT type of redirect are you
>> asking
>> about? Give an example site, or better explain what you mean by >> redirect
>> (since it can be done invisibly, can be done using frames, etc.).
>>
>>





For Hotmail, www.hotmail.com takes you to their Passport login page. I think there are 2 interstitchal pages after submitting those login credentials before you get to the mailbox web page. The first one is the action for the form data entered on the login page to submit the data to an SSL page (to protect your login credentials). I'd rather have the login page be itself SSL secured so you can see the padlock icon in the status bar. However, after looking at the action for the submit of the form data of the Passport login page, I see that it gets sent to an HTTPS:// page which means the SSL connect must be done first and then the login credentials get sent.

For Hotmail, you do not need to allow cookies although some 3rd party ones are offered. However, I believe that you must have Referrer enabled in your firewall for the remaining pages to work to redirect you to their webmail page. You could try disabling your firewall temporarily. You could also try adding *.hotmail.com, *.hotmail.microsoft.com, *.msn.com, and *.microsoft.com to the trusted sites list. I forget which ones to use and remember having to experiment to see which subdomains were needed so that I didn't have to unblock Referrer for all sites.

The use of Referrer is not only to track you for marketing purposes. It is also to guarantee that the site knows from whence you came when you get to one of their web pages and allows for securing navigation through their site. 

.