I was wondering how do you ensure that a page is only accessed as
for example if I connect to the checkout page of an ecommerce site like so
how can I ensure that if you went to the URL and did took out the "s" from the "https" so it was like sohttps://www.mysite.com/shoppingcart.html
that the connection would fail or you'd be prompted to log in again.http://www.mysite.com/shoppingcart.html
I ask because I worked on a site recently that has this problem. If you add stuff to the shopping cart and go to check out, it directs you to a secure link, but if you take off that "s" the link is no longer secure. I tried the same thing on Amazon but they don't play that. They immediately make you log in if the connection is not secure (and I want to know how they do it).
I don't know how someone could take advantage of this in a malicious way but its been bothering me a lot.