Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- using HTTPS for a login page
August 23, 2004, 9:15 am
rate this thread
I'd like to enable the user to optionally use HTTPS to login
so that their password would not be easily snooped out.
What does this involve exactly?
I know that you use a https prefix instead of http, but that's it.
Is there configuration of directories necessary?
Got a good website for this basic info on https?
Also, I'll issue the user with a cookie (not persistent) once they log
in. It will be a session cookie created using the user name and
MachineKey alone... if this cookie were intercepted would an attacker be
able to use this for a replay attack? i.e. would I need to use https for
every page on the site where you need to be logged in to access or just
the login page? I know that Yahoo mail only uses https on the login page
"I hear ma train a comin'
... hear freedom comin"
Re: using HTTPS for a login page
Ah, another bloody idiot who has set followups to something other than the
many disparate newsgroups mentioned in the original post.
Do you know that people in those other newsgroups (like alt.html) will not
see any of the posts made by other people from those groups? They will
assume nobody has answered the question and thus will waste their time
- » submit form data to a new window failed using HTTP POST
- — Previous thread in » HTML Markup Language