vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Login via SSL (https://vborg.vbsupport.ru/showthread.php?t=124068)

johnmont 08-15-2006 10:42 PM
Login via SSL
 
I would like to have login and usercp functions go through SSL and all other board traffic through regular http://. I've created a symbolic link to the http filesystem directory in my https filesystem directory.

Next, I created a replacement variable for replacing "login.php" to "https://www.mysite.com/login.php". This part works great as I get redirected appropriately to the login page. I then enter my login and password and submit.

I get the redirect intermediate, but when I get redirected back to the http://www.mysite.com, I don't have any privileges as though I'm not logged in. If I go to https://www.mysite.com, all is fine.

Is this due to the cookie? A session variable being different between the two sites?

johnmont 08-17-2006 12:31 AM
It does seem as though it must be a cookie issue --

Does anyone know if the same cookie can be used on http and https? Can I use the secure flag for a cookie even though I'm mainly accessing over http?

Ntfu2 08-17-2006 12:43 AM
i think you'll have to stay under SSL once loged in.

There is no real benefit/disadvantage i can think of that would require SSL login, then back to normal http, i beleive the password is never really passed via plain text anyway

johnmont 08-17-2006 01:03 AM
Thanks for your perspective -- appreciate the input greatly.

As far as SSL, I wanted to make the UserCP area secure (and maybe Private Message) as well since i'm collecting some extra information that could be considered private. I'm also distributing some information I'd rather try and keep secure. On the other hand, I have lots of imagery and high bandwidth downloads that I'd like to avoid SSL for distribution.

Hence my desire to split out the site.... :)

Ntfu2 08-17-2006 01:16 AM
Ah i see now :)

I'm not a coder by any strectch of the imagination, but you could set the login.php script to set two different cookies by chance, then simply link all instances of private messages and userCP via the ssl connnection?


All times are GMT. The time now is 09:39 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01020 seconds
  • Memory Usage 1,717KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (5)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete