I ended up configuring this in Nginx so that /user and /admin are all https and everything else is http. It's probably not totally necessary but some users like it. Cookies are attached to a domain or sub-domain and seem to work OK. GoDaddy has cheap certs for new cert buyers (<$15). If you use a self-signed cert everyone will get a warning message.
- [web2py] Re: How to get web2py to use https for logins and registra... Carlos
- [web2py] Re: How to get web2py to use https for logins and reg... pbreit
