HTTPS on all pages where user is logged on
Posted
by
Tom Gullen
on Pro Webmasters
See other posts from Pro Webmasters
or by Tom Gullen
Published on 2011-11-25T17:37:06Z
Indexed on
2011/11/25
18:04 UTC
Read the original article
Hit count: 486
I know this is considered best practise to prevent cookie hijacking. I would like to adopt this approach, but ran across a problem on our forum where the users post images which either aren't posted with URL's over HTTPS or the url itself doesn't support HTTPS. This throws up a lot of ugly browser warnings.
I see I have two options:
- Disable HTTPS for the forum
- Force all user posted content to start with
//
in the url so it selects the right protocol, if it doesn't support HTTPS so be it
Do I have any other options? How do other sites deal with this?
© Pro Webmasters or respective owner