Hi Everyone, I close to launching an rails-based e-commerce website and I am pondering: Should I force all traffic to SSL?
Most stores, I believe, use http up until the customer is about to checkout or login and the redirect to https. Lately, with all the commotion about Firesheep, cookie sniffing and session highjacking I am tempted to just force the client to use https from the get go, like the bank websites do. Of course I realize that protecting the contents of your cart is not strictly necessary, it isn't clear to me that it will be a negative. The site is a 3.1.1 rails app, to be hosted on heroku. The staging server I have now, does seem to perform as fast under https and http, and the http caching provided by Varnish seems to be working just the same. Does anyone know if there are SEO implications I should consider? I appreciate your thoughts, -- Ylan -- SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby
