XF 1.4 Forse SSL for Login-Form


Active member
Hi Team,

i've the problem that some plugins aren't running while SSL is active for every site (XenRio Streams for example), so is there any option to only force the Login-Form use SSL/HTTPS, but not on other sites/(sub)pages?

Thanks for any idea.
Regards Schroeffu

Liam W

Well-known member
Yes, but it is completely pointless as the cookie data would then be sent over an insecure connection for all other page loads, allowing someone to hijack the session.

False security.


Well-known member
Additionally, if the login cookie is created via SSL; XenForo marks it as secure and most sane browsers will then delete the cookie if it touches a non-SSL connection.