You must configure apache to do it but I have a security objection. If you go on the clear (http) for all the other pages you are passing the session cookie in the clear. If an attacker has the session cookie, he can access the change_password page via https.
This is not a web2py specific issue. This is a general issue. Massimo On Jul 28, 2:45 am, Johann Spies <[email protected]> wrote: > How do I setup web2py to use https for all authentications and user > registration but normal http for the rest of the url's? > > Regards > Johann > > -- > "Be not deceived; God is not mocked: for whatsoever a > man soweth, that shall he also reap." > Galatians 6:7
