Which page to secure for login?

Permalink Browser Info Environment
I tried it out and it works great, and EASY.

My question now is what is the proper pages to place it on to have the security I expect on Login? Using the Login addon. Do I set the Force SSL on the page with the Login block, the page called by the Login block or both?

Type: Discussion
Status: New
View Replies:
lukez1985 replied on at Permalink Reply
Did you ever get an answer to this as i am looking to do the same?
luns4d replied on at Permalink Reply
No, I did not. Would be nice to know.
jbx replied on at Permalink Reply
jbx
Hi guys, my apologies for not getting back to you sooner on this.

The short answer is probably both - but let me explain the process so you can understand how this works.

If you have a page with a form on it and you want the post to be secure, it must post to a secure address. The protocol of the page holding the form does not matter, but the form's action must be to an https address.

However, if you are using the login addon, you may not have control over the form action to change it from using the current protocol to https. This would result in a post to an insecure address, followed by a redirect to the same page using https, also resulting in the loss of your post data.

So, if you secure the page that contains the form, in addition to the page you post to, your login addon should post to the current https protocol. This ensures your post data is encrypted, removes the additional redirect and has the added benefit of showing your users a secure page while they are actually entering their details. Never a bad thing :)

I hope that makes it all clearer...

Jon

concrete5 Environment Information

Browser User-Agent String

Hide Post Content

This will replace the post content with the message: "Content has been removed by an Administrator"

Hide Content

Request Refund

You have not specified a license for this support ticket. You must have a valid license assigned to a support ticket to request a refund.