I have Apache in front of my Django app. It forces login pages to use HTTPS but then forces rest of pages to only use HTTP.
Is client browser sending sensitive login or session info in the clear when I am not using HTTPS? My nonencrypted pages don't present or ask for sensitive info. The only danger would be if sensitive info is being sent behind the scenes I didn't program myself. cs -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
