• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.4 SSL (https) only for Login

vFranky

Active member
#1
Hello,

is it possible to configure and use https only for XenForo-login? How?

I want to change to SSL, especially for Login. I'm afraid that a complete transfer of all pages to SSL will produce to much overhead for the server, someone said 10 times more than normal http.

Kind regards,
Frank
 

Liam W

Well-known member
#2
Setting it for login only won't work really.

The created cookies would be marked as secure only, and the user would then be logged out when they visited a non-SSL page.

Also, there really is no point in having SSL on login only. While their login details would be secured, the session cookie wouldn't, and anyone on the same network as them would be able to steal the contents of that cookie and access the site as that user.

Liam
 

vFranky

Active member
#3
Thank you. Liam.

Lots of people advice me not to chance to complete SSL encryption of the whole forum content. They say that there are often problems / errors with banner advertisments.