Just a quick question wondering if anyone knows the answer, all my logged in content forces an SSL connection to prevent cookie hijacking.
What I'm curious to know, is if the logged in user visits an HTTP page, and I have code which checks the protocol in the Page_Init() function and Response.redirects to the HTTPS URL if they are on HTTP, between the original request, the page init, and the redirect is the cookie ever exposed?