HTTPS on all pages where user is logged on

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Tom Gullen on Pro Webmasters See other posts from Pro Webmasters or by Tom Gullen
Published on 2011-11-25T17:37:06Z Indexed on 2011/11/25 18:04 UTC
Read the original article Hit count: 482

Filed under:
|
|

I know this is considered best practise to prevent cookie hijacking. I would like to adopt this approach, but ran across a problem on our forum where the users post images which either aren't posted with URL's over HTTPS or the url itself doesn't support HTTPS. This throws up a lot of ugly browser warnings.

I see I have two options:

  • Disable HTTPS for the forum
  • Force all user posted content to start with // in the url so it selects the right protocol, if it doesn't support HTTPS so be it

Do I have any other options? How do other sites deal with this?

© Pro Webmasters or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about security

Related posts about ssl

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle