2010/1/6 Nikita Manohar <nikita.mano...@gmail.com> > The trigger here is suppose in a web application there is a welcome page > which is to be re-directed to a user's homepage after login. The secure > information (login page) should be toggled to https and the rest as http. > > Is it possible to do so automatically? > > This is asked fairly regularly on this list - search the archives for "secure login" and I suspect you'll come up with many examples.
However, I think you have a security problem with your application. Is the user's session identity somehow less valuable than the user's password? If the session identity is stolen after login (easy over normal HTTP - just sniff the cookie or the URL, whichever contains the session ID) then an attacker can do anything the user could do. Is this an acceptable security risk? If not, you should simply run everything over SSL. With modern processors and typical web applications, the extra CPU cycles required for SSL at the server are rarely a concern. - Peter
