Thread

Apologies if this is a repeat, but I haven’t sorted out a way of making this happen.

I need to have all of my member authentication requests, and new registration requests, go over SSL. I do *not* want my entire site to transmit over SSL, as the vast majority is public content and shouldn’t require a login.

I can redirect requests containing “login” or “register” to equivalent SSL without an issue by using Apache rewrites, but the issue I’m running into is that the login and registration forms POST back to the main, SSL-less URL. Again, changing this main URL isn’t a good option for me.

Altering the profile_theme.php template seems possible, except that the action—or in many cases, the whole opening form declaration—are dynamically generated. I’m concerned about mucking something up if I eliminate the template tag calls and force hardcoded values.

Is there a method I’m missing for this? Or do I need to bite the bullet and hard code my <FORM> declarations with SSL URLs in profile_template.php?

I am not sure there is a good solution to this problem, short of hacking EE core code. As you say, using a rewrite to redirect all traffic to the SSL version is not too difficult, but doing it selectively is not. Personally, I think a feature request would be a good idea.

Done, thanks Ingmar.

Very good. For reference, here’s the FR: http://ellislab.com/forums/viewthread/106956/. Please post again if anything else comes up.