Could this be achieved, in a view, by quering if the user is logged in and
if so, redirecting to the same page but with HTTPS? Something like:
def index(request):
if request.user.is_authenticated() and not request.is_secure():
# redirect to HTTPS
One could argue though that to keep things as simple and robust as
possible, running everything over HTTPS would be a better choice. Is HTTPS
that much more compute intensive with your traffic?
J
torstai, 29. marraskuuta 2012 11.32.28 UTC+2 Roarster kirjoitti:
>
> Is there any easy way to have a django site enforce HTTPS for
> authenticated users while any anonymous users would default to HTTP? This
> would allow me to protect the sessions and cookies for users who have
> logged on while conserving server resources for those who aren't
> authenticated (I would assume the majority of connections). As part of
> this it would also make sense for me to ensure the login and register pages
> also use HTTPS to protect any passwords.
>
> I'm not sure if it's relevant but I'm using Nginx as a web server with
> uwsgi dealing with the django requests.
>
> Thanks.
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/django-users/-/bQ4TYYmJvswJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
