XF 1.4 Forse SSL for Login-Form

schroeffu

schroeffu

Active member
Hi Team,

i've the problem that some plugins aren't running while SSL is active for every site (XenRio Streams for example), so is there any option to only force the Login-Form use SSL/HTTPS, but not on other sites/(sub)pages?

Thanks for any idea.
Regards Schroeffu
 
Sort by date Sort by votes
Yes, but it is completely pointless as the cookie data would then be sent over an insecure connection for all other page loads, allowing someone to hijack the session.

False security.
 
  • Like
Reactions: Xon
Upvote 0 Downvote
Additionally, if the login cookie is created via SSL; XenForo marks it as secure and most sane browsers will then delete the cookie if it touches a non-SSL connection.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

Mouth
  • Question Question
XF 2.2 Multiple 2FA emails sent for login renewal
Replies
0
Views
398
Mouth
Mouth
rosal
  • Solved
XF 2.2 Disable overlay for Login / Register
Replies
4
Views
873
jamalfree
jamalfree
Hyprem
  • Question Question
XF 2.2 Show only Discord Button for Login
Replies
0
Views
1K
Hyprem
Hyprem
Ozzy47
[OzzModz] Remove Register Button From Login Form
Replies
12
Views
905
rodney-tli
rodney-tli
Nirjonadda
  • Suggestion Suggestion
Lack of interest Add support Hybridauth for login providers
Replies
1
Views
425
est3ban129
E
Top Bottom