CHI-WEB Archives

ACM SIGCHI WWW Human Factors (Open Discussion)

CHI-WEB@LISTSERV.ACM.ORG

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Steve Fouts <[log in to unmask]>
Reply To:
Steve Fouts <[log in to unmask]>
Date:
Fri, 5 Feb 1999 09:29:15 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (56 lines)
Liz Gee wrote:

> Our Framed site loads the Frame at the top level, and is totally within a
> secure site.  We have no links outside the secure site.  Upon logoff, I
> display a message letting the user know that they are logging off and
> leaving the secure site.
>
> On your site, do you have links which leave the secure Frameset for certain
> pages?
> On ours, we log them off.
> Which browsers are you building for?
> On our site, Framed or UnFramed (we do both),
> if a gif is loaded from an unsecure site, an alert come up.

Liz,
Because the load on the server is much higher under https than it is
under http, we keep them in a secure session only as long as they
are viewing sensitive information (in this case, account information)
and then we unload it.

We originally had the secure page load in an unsecure frameset, but
people complained about not seeing the locks. Apparently, a lot of
people turn off the alert boxes that come up when entering a
secure site and rely on the locks to let them know that a page is
secure.

Loading and unloading the entire frameset when they go to and
from secure areas was deemed too cumbersome because of the way
the site is structured. You have to build a new top level frame
set for every unsecure page that you link to from within the
secure site. Plus, since we use https and http for the switch,
we have to either use absolute links (unworkable as the pages
bounce from development server to production server(s)) or else
make every single page ASP so that it can resolve relative links
as absolute links to the server it's on on the fly. So the choice
becomes cripple your customer's mobility or build 20 frame sets
and write a ton of ASP.

At any rate, we are abandoning frames with our redesign because
it seems that every time you say, "I'm going to do this with
frames," you increase the development time by quite a bit. We
were spending all of our time focusing on working around problems
with frames rather than delivering content to our customers.

All of this may be a better argument for not using IIS than it
is for not using frames, but I'm not going to go there.

--
Steve Fouts [log in to unmask]

I notice that you use plain, simple language, short words and brief
sentences. That is the way to write English - it is the modern way
and the best way. Stick to it; don't let fluff and flowers and
verbosity creep in.
- Mark Twain

ATOM RSS1 RSS2