Being paranoid doesn't mean that everybody isn't out to get you... specifically online. You could extend the script to set a single-session cookie to only try to redirect once in a session and display some warning that the redirect did not work if https is still used afterwards.
|