1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 Forse SSL for Login-Form

Discussion in 'XenForo Questions and Support' started by schroeffu, Oct 30, 2014.

  1. schroeffu

    schroeffu Active Member

    Hi Team,

    i've the problem that some plugins aren't running while SSL is active for every site (XenRio Streams for example), so is there any option to only force the Login-Form use SSL/HTTPS, but not on other sites/(sub)pages?

    Thanks for any idea.
    Regards Schroeffu
  2. Liam W

    Liam W Well-Known Member

    Yes, but it is completely pointless as the cookie data would then be sent over an insecure connection for all other page loads, allowing someone to hijack the session.

    False security.
    Xon likes this.
  3. Xon

    Xon Well-Known Member

    Additionally, if the login cookie is created via SSL; XenForo marks it as secure and most sane browsers will then delete the cookie if it touches a non-SSL connection.
    Liam W likes this.

Share This Page