You will not be able to affect the browser's "unencrypted page" setting. The user has to check the box to disable it either in the displayed message or in the browser settings. Everything else should be doable in code and web server configuration. Session variables should not be affected by secure (HTTPS) or non-secure (HTTP) protocol settings as they are stored per browser and per web site.
But sites like eBay and Google do exactly what I am trying to achieve. They only secure the login form and login submit pages (HTTPS); all other pages are HTTP. There is never a browser warning when you use them.
How can I do the same in ColdFusion?
Again, this is not something that CF controls. On your same server, you should get the same warning if you use HTML. CF is not sending the HTTPS header -- the web server is controlling this.
For sites like eBay and Google, if the "Warn if changing between secure and not secure mode" option is enabled, then the browser will display a warning when changing modes if the protocol changes between HTTPS and HTTP. Their code is not doing it -- it is a function of the web browser in response to the protocol served by the web server.
I am using the same browser when testing the CF sample login and when using eBay. In the case of CF I always get the browser warning; on eBay, never. Their code or server setup somehow does it.
Do you have sample CF code / server settings that would make it behave similarly to the eBay login?