shaileen_shah — 2014-04-01T11:43:27-04:00 — #1
I want to know how can i make my login page https and all other pages as http.
So when a user sees login page, the site address should show https, and once they are in, it should be http.
I feel this might be the right code, but I dont know what it does. Can you please let me know your thoughts please?
Thanks in Advance.
felgall — 2014-04-01T14:38:31-04:00 — #2
Why do you want to put a lock on the barn door and then knock down all the walls?
The information that needs to be passed back and forth once they are logged in needs a secure connection at least as much if not more than the login page does. Without it someone would be able to steal their current access without even needing to know their password.
shaileen_shah — 2014-04-01T14:43:41-04:00 — #3
Thanks Steven for your response, but my main goal is to secure the user's credentials. Data is also important, but right now I am focusing just on the credentials because that is the key information in the network I am going to implement this solution. Also, if I install it throughout, my server performance might be affected.
felgall — 2014-04-01T16:58:48-04:00 — #4
Installing https for the entire area accessed by the login shouldn't have any noticeable performance impact as it would only be the session id that needs to be encrypted by the certificate before a request is sent to the server.
Also if you don't have the session id encrypted then someone who intercepts that would be able to get ALL the person's credentials from the server even though they are not included in the current request. Protecting just the login page will not actually protect any of their credentials as all will be accessible from the following page if that page doesn't use https.
shaileen_shah — 2014-04-02T09:24:01-04:00 — #5
Can you give me an example of how it will be available in other pages even if we use https for login page?