4 Replies Latest reply on Jan 2, 2007 1:02 PM by mikeb1110

    HTTPS login setup

    mikeb1110
      Hello.
      I have an existing site which currently has ALL pages under HTTPS.
      What I need is to have all pages not secured, with only the LOGIN page under HTTPS; the login form is submitted to an HTTPS page but then redirected to HTTP upon successful login. All of this should happen without the browser's warning popping up ("You are now being transferred to a unsecure page" warning).
      Session variables should be set in HTTP pages upon successful user login.
      I've been looking for the answer to this problem all over but could not find anything.
      How can I do that?
      Thank you.
        • 1. Re: HTTPS login setup
          Sarge
          You will not be able to affect the browser's "unencrypted page" setting. The user has to check the box to disable it either in the displayed message or in the browser settings. Everything else should be doable in code and web server configuration. Session variables should not be affected by secure (HTTPS) or non-secure (HTTP) protocol settings as they are stored per browser and per web site.

          HTH,
          • 2. Re: HTTPS login setup
            mikeb1110 Level 1
            Sarge,
            But sites like eBay and Google do exactly what I am trying to achieve. They only secure the login form and login submit pages (https), all other pages are http. There is never a browser warning when you use them.
            How can I do the same in ColdFusion?
            • 3. Re: HTTPS login setup
              Sarge Level 1
              Again, this is not something that CF controls. On your same server, you should get the same warning if you use HTML. CF is not sending the HTTPS header -- the web server is controlling this.

              For sites like eBay and Google, if the "Warn if changing between secure and not secure mode" option is enabled, then the browser will display a warning when changing modes if the protocol changes between HTTPS and HTTP. Their code is not doing it -- it is a function of the web browser in response to the protocol served by the web server.
              • 4. Re: HTTPS login setup
                mikeb1110 Level 1
                Sarge,
                I am using the same browser when testing the CF sample login and using eBay. In the case of CF I always get the browser warning, on eBay - never. Their code or server setup somehow does it.
                Do you have sample CF code / server settings that would make it behave similar to the eBay login?
                Thank you.
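
Added example, not part of the thread: reply 1 says session variables carry across HTTPS and HTTP because they are stored per browser and per site. The Python sketch below uses the standard library's cookie jar as a stand-in browser to show what that depends on: a session cookie set by the HTTPS login is replayed on the HTTP page only if it lacks the Secure attribute, and in that case it travels unencrypted. CFID is one of ColdFusion's session identifier cookies; the host name, page names and cookie value are constructed.

```python
"""Added illustration: which session cookies survive an HTTPS -> HTTP redirect."""
import http.cookiejar
import urllib.request
from email.message import Message

# Constructed sample values (not from the thread).
LOGIN_URL = "https://www.example.com/login.cfm"
HTTP_PAGE = "http://www.example.com/index.cfm"
HTTPS_PAGE = "https://www.example.com/account.cfm"
PLAIN_COOKIE = "CFID=12345; Path=/"
SECURE_COOKIE = "CFID=12345; Path=/; Secure"


class FakeResponse:
    """Minimal response object: CookieJar only needs info() returning headers."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent(set_cookie, next_url, login_url=LOGIN_URL):
    """Return the Cookie header a browser would send to next_url after the
    login response at login_url carried `set_cookie`; None if nothing is sent."""
    jar = http.cookiejar.CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie), urllib.request.Request(login_url))
    follow_up = urllib.request.Request(next_url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


if __name__ == "__main__":
    cases = [
        ("no Secure flag, HTTP page", PLAIN_COOKIE, HTTP_PAGE),
        ("Secure flag, HTTP page", SECURE_COOKIE, HTTP_PAGE),
        ("Secure flag, HTTPS page", SECURE_COOKIE, HTTPS_PAGE),
    ]
    for label, cookie, url in cases:
        sent = cookie_sent(cookie, url)
        # A cookie sent to an http:// URL is readable by anyone on the path.
        exposure = "cleartext" if sent and url.startswith("http://") else "protected"
        print(f"{label:28} sent={sent!r:14} {exposure if sent else 'session not carried over'}")
```

The first case is the setup asked for in the thread: the login works across the redirect, but the session identifier is then sent in the clear on every HTTP request.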