deansatch Posted June 22, 2010 Share Posted June 22, 2010 I am using a shared SSL server so sessions don't pass between my http and https versions of my pages. I was wondering if it is possible for a user on my normal http page to fill in their username and password then have the form post to https page to check for authentication then go back to http setting my 'logged in' session variables on the non secure part of the site. The only info that needs to be secure is passing the login details...after that there is no personal data to worry about. I noticed hotmail does something like this as I sign in on http...see https in the loading bar then http again to the inbox. Link to comment https://forums.phpfreaks.com/topic/205552-https-to-log-in-only/ Share on other sites More sharing options...
Akshay123 Posted June 22, 2010 Share Posted June 22, 2010 I am no expert at this, by any means, but you might want to try the login page and the post page being on SSL, that probably will be a lot easier. Then, you can set a cookie for ".example.com", so the cookie can be used all through your server. Yahoo does something like this. If you go to mail.yahoo.com, and if you are not signed in, it will take you to a SSL login page, post to a SSL php page, and then take you back to your mail, which is not secure. Link to comment https://forums.phpfreaks.com/topic/205552-https-to-log-in-only/#findComment-1075588 Share on other sites More sharing options...
deansatch Posted July 22, 2010 Author Share Posted July 22, 2010 Has anyone got any ideas on this? Link to comment https://forums.phpfreaks.com/topic/205552-https-to-log-in-only/#findComment-1089858 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.