I am geting a fail on my pci test on the customer signin.aspx? page using version ML 8.0.1.2

I have USESSL to true but I see the page doesn't use it?

There is a web application running on this host that transmits login credentials over HTTP, which is a cleartext protocol. As such, if an attacker was able to intercept traffic containing login credentials, it would be trivial to view user account and password information.

All web application communications containing sensitive information should be transmitted using SSL/TLS (HTTPS). If re-direction from HTTP to HTTPS is utilized in an attempt to remediate this finding, please ensure that such re-direction occurs on the server side of the system (for example via the use of the HTTP "Location" header element) and that re-direction is not reliant upon the client (browser) side