HTTPS login setup

New Here, Jan 02, 2007

Hello.
I have an existing site which currently has ALL pages under HTTPS.
What I need is to have all pages not secured, with only the LOGIN page under HTTPS; the login form is submitted to an HTTPS page but then redirected to HTTP upon successful login. All of this should happen without the browser's warning popping up ("You are now being transferred to an unsecure page" warning).
Session variable should be set in HTTP pages upon successful user login.
I've been looking for the answer to this problem all over but could not find anything.
How can I do that?
Thank you.
TOPICS
Advanced techniques

New Here, Jan 02, 2007

You will not be able to affect the browser's "unencrypted page" setting. The user has to check the box to disable it either in the displayed message or in the browser settings. Everything else should be doable in code and web server configuration. Session variables should not be affected by secure (HTTPS) or non-secure (HTTP) protocol settings as they are stored per browser and per web site.

HTH,

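The reply above says session variables follow the browser and the site, not the protocol. As an added example that is not part of the thread, this Python sketch uses the standard-library cookie jar as a stand-in for the browser: ColdFusion's CFID/CFTOKEN session cookies set on the HTTPS login response are sent again to the HTTP pages unless they carry the Secure attribute, so after the redirect the session identifier travels unencrypted. The host, paths and cookie values are constructed.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

# Constructed sample values; CFID/CFTOKEN are ColdFusion's default session cookie names.
HOST = "shop.example.com"
LOGIN_URL = f"https://{HOST}/login.cfm"


class _Response:
    """Minimal stand-in for an HTTP response carrying Set-Cookie headers."""

    def __init__(self, set_cookie_headers):
        self._headers = Message()
        for value in set_cookie_headers:
            self._headers["Set-Cookie"] = value  # appends, one header per cookie

    def info(self):
        return self._headers


def cookies_sent(set_cookie_headers, next_url):
    """Return the Cookie header a client would attach to next_url after
    receiving set_cookie_headers on the HTTPS login response (None if nothing
    would be sent)."""
    jar = CookieJar()
    jar.extract_cookies(_Response(set_cookie_headers), Request(LOGIN_URL))
    follow_up = Request(next_url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


# Session cookies as issued at login, without and with the Secure attribute.
PLAIN = ["CFID=1001; Path=/", "CFTOKEN=constructed-token; Path=/"]
SECURE = [c + "; Secure" for c in PLAIN]

if __name__ == "__main__":
    for label, headers in (("no Secure flag", PLAIN), ("Secure flag", SECURE)):
        for scheme in ("http", "https"):
            sent = cookies_sent(headers, f"{scheme}://{HOST}/account.cfm")
            print(f"{label:15} -> {scheme:5}: {sent}")
```

With Secure set, the HTTP pages receive no session cookie at all, which is why a login-only-HTTPS design depends on cookies that are also readable on the unencrypted connection.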
New Here, Jan 02, 2007

Sarge,
But sites like eBay and Google do exactly what I am trying to achieve. They only secure the login form and login submit pages (https), all other pages are http. There is never a browser warning when you use them.
How can I do the same in ColdFusion?

New Here, Jan 02, 2007

Again, this is not something that CF controls. On your same server, you should get the same warning if you use HTML. CF is not sending the HTTPS header -- the web server is controlling this.

For sites like eBay and Google, if the "Warn if changing between secure and not secure mode" option is enabled, then the browser will display a warning when changing modes if the protocol changes between HTTPS and HTTP. Their code is not doing it -- it is a function of the web browser in response to the protocol served by the web server.

New Here, Jan 02, 2007

Sarge,
I am using the same browser when testing the CF sample login and using eBay. In the case of CF I always get the browser warning, on eBay - never. Their code or server setup somehow does it.
Do you have sample CF code / server settings that would make it behave similarly to the eBay login?
Thank you.
