On Tue, Oct 11, 2011 at 09:52, Ylan <[email protected]> wrote: > I close to launching an rails-based e-commerce website and I am pondering: > Should I force all traffic to SSL? >
Personally, I try to keep it somewhat simple. If there is an authenticated session present, then I require SSL. Done. Plus, with this approach, SEO remains unharmed on pages which don't require authentication. Here's my ssl_required? method for http://websolr.com/ https://gist.github.com/1278824 -- Nick Zadrozny -- SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby
