SSL on Login/Registration Only?

[|Jordan|]

I have SSL protecting my forum and im trying to make it so that SSL only protects the login and registration pages.

Problem is, when a user logs in via the SSL protected login page, they aren't logged into non SSL Xenforo.

Any idea how i can get around this? Is it a limitation of the browser or a limitation of Xenforo itself?

 

[Jeremy]

Did you update your board URL to be HTTPS? You should force one or the other.

But there is no built in way to do that.

 

[|Jordan|]

Board is still http, im trying to avoid using https for the other area's of forum because posted images (amd images in my sidebar) are breaking SSL and i can't use the image proxy either because i use several status images from other sites that update every 15 minutes and the cached images stop updating (not to mention the cache reduces graphic quality significantly).

 

[x3sphere]

Nope, as far as I know this would require an add-on as the cookies are marked secure only when logging in from HTTPS (to prevent them being read on an HTTP connection).

 

[|Jordan|]

Ah, in that case do you know how to change the quality of cached images?

How can i get images i embed in templates to use the image proxy?

And finally i want cached images to refresh after a few minutes; how would i do this?

 

[Mike]

If you want to do SSL, you really need to do the whole site. Otherwise it's effectively pointless (as the login form itself can be manipulated).

By "cached" images I assume you're referring to the image proxy. The image proxy doesn't touch images; it just accepts what is served.

The proxy is not really designed for constantly updating images. You would instead need to pull the images directly via SSL (provided they support that; if not, you'll need to ask them to support it).