Thread

Safecracker provides a useful parameter to submit a form over HTTPS

secure_action="yes"

but I can’t seem to find the equivalent on the Member Login Form.

Is it possible to force a secure submission over HTTPS when members log in? If so how?

It’s been 4 days. Any reply coming on this one?

Hi Slippy,

It’s been 4 days. Any reply coming on this one?

All apologies for your extended wait. We had a 3 day weekend in the US.

Have a look at one of the several add-ons for forcing SSL. You can also investigate options using .htaccess

~

Hi Dan,

Thanks for the reply. Is there no EE support over weekends? It’s also been 5 days since I posted including 2 working days. I don’t wish to sound overly critical but if that’s the expected response time with a simple query then I’m just a little concerned with any future support I may need(?) It’s just nice to know you can ping a question and get a response whilst working on something.

Anyway, ideally I’d like to keep this native to EE but I’m taking that as a no for login form submissions. In that case has there been no request for this feature? It must surely be a fairly common need and one which is recommended as part of best practice? If it’s included in Safecracker for other form submissions I’m just wandering why it isn’t also an option with the login forms?

In this case I’m already securing the account/ section with SSL via .htaccess so the login page and the registration form are accessed over HTTPS. However that doesn’t mean that form submissions are. They are left out in the open. I’m using safecracker for the user registration form and can secure those submissions but the login form is left wide open upon submission. Other than addons (which all seem to work on an all or nothing and don’t specifically seem to just handle form submissions which isn’t necessary as I’ve already got the rest of my site secured including the Control Panel) is there a way you would recommend to tighten up this login form submission?

Thanks

Hi Slippy,

Is there no EE support over weekends?

Indeed no, we are working professionals that follow a 9AM - 5PM schedule in the US Central timezone, Monday - Friday.

Your original post was late on Thursday leading into a Friday before a 3 day weekend - a rather odd pickle of a time that you aren’t likely to run into all that often.

Your second post came on day 3 of that 3 day weekend, when no one was on shift and a noticed to expect delays was posted in the forums for a week leading up to the holiday.

With all that, my first reply to you came in just over 1 business day after your initial post. Again, I do apologize for your wait, and I realize the entire world does not celebrate US business holidays.

Now, let’s get you an answer, rather than a useless explanation!

They are left out in the open. I’m using safecracker for the user registration form and can secure those submissions but the login form is left wide open upon submission.

I see, since the login form has the option of being displayed on a non-secure page, in a site-wide header perhaps.

That does present a bit of a challenge - and the answer may be outside of ExpressionEngine per se. What about using some JavaScript and AJAX to submit the form securely?

I’m going to make a note of this. We really should offer a parameter on the member login form to post securely.

~