You'll set your app with both a SSL and non-SSL server. Then in your login form you'll set https:// as the POST action. Even better if the login form itself is served as https:// - you can do that by changing the "Login" url in the HTML but also you can check in the controller that shows the login form if it's a secure and redirect if it isn't.
Also, after a successfull login, you can redirect back to the non-SSL site (but are cookies sent by browsers then?) ... you might need to use cookies in URL's instead (for ex. gmail). --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to pylons-discuss@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---