SSL with an HTML form on every page

[SpankMarvin]

Hi there

 

I have implemented several apps in the past where secure info is submitted over an SSL connection.

 

However, I am working on a project where there is an included sidebar form, so it appears on EVERY page.

 

My question is: does this mean EVERY page needs to be https, or am I good as long as my form's action leads to https?

 

I hope this makes sense...

 

Thanks in advance

 

John

[haku]

I believe, though I could be wrong, that you will need to have SSL on every page. The reason for this is between the page the form is on, and the action that the form points to, the data will be sent to the server, since the processing on the action page is actually done on the server, not your browser.

[SpankMarvin]

Hmm, I was thinking the same. This presents a problem, in that people coming to the site for the first time are 99% likely not to go via https. I guess I could redirect.

 

Thank you for the input!

 

J

[haku]

I have a site with the same setup (every page on SSL). I set up a redirect in my .htaccess so that people are automatically redirected to the SSL page.

[SpankMarvin]

Interesting idea. However, am I right in thinking that https pages are not browser cached? Are there reasons such as this (i.e. production of more hefty bandwidth usage) for changing the setup of the site rather than applying SSL site-wide? Just trying to weigh up the options...

 

Thanks!

 

J