Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Auto SSL for Login Page Only  RSS feed

 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am using FORM based authentication. I want to switch to SSL automatically when the user submit the password and SWITCH BACK to non-SSL for other constrained pages. How can we do that?

Thx for any advice.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I generally advise against doing that.

I know with Tomcat (not sure about other servers), you will end up with different sessionIDs for the secure and non-secure sides.
Also, browsers will spit up popup warnings when the user moves from the secure to the non-secure side.
 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You mean we should either use SSL for everything or not to use SSL at all? Neither option is desirable. Using it for all constrained resources may not be good for performance view point. On the other hand, I dont want the password be submitted in plaintext.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Alec Lee:
Neither option is desirable. Using it for all constrained resources may not be good for performance view point.


Is your app having performance problems?
If so, have you profiled it and determined where the bottlenecks are?
If so, is SSL number one on the list?

If the answer to any of those questions is no, writing extra code to move in and out of SSL could well be a case of premature optimization.
 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!