Using SSL for non-view scripts only

  • Tip Category - Installation and Upgrading
  • Tip Added By - PaulHarvey - 31 Jul 2009 - 09:17
  • Extensions Used - HttpsRedirectPlugin
  • Useful To - Experts
  • Tip Status - Under Review
  • Related Topics -
The old version of this guide can be found at rev13.

But don't do it: your users will be exposing the same session cookie values they get when editing via https:// whenever they switch back to viewing a topic over http://

Use HttpsRedirectPlugin, ditch IE6 users, and use mod_expires and mod_headers in your apache config to improve SSL performance for your authenticated users over SSL.

-- PaulHarvey - 30 Mar 2010

BestPracticeTipsForm edit

Category Installation and Upgrading
Topic revision: r14 - 30 Mar 2010, PaulHarvey
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy