Reputation: 5586
I am trying to reduce the number of redirects at my website login page in order for the page to load faster. My final task is deciding if it's possible to remove the redirect for the login page and still keep the site secure.
Should I make a landing page with a link to a secure login page, thus reducing the number of redirects?
Upvotes: 0
Views: 243
Reputation: 310
Allow the login page to run under HTTP?
This will obviously be introducing a big security risk to a page where users enter their login credentials, which is generally a pretty bad idea. I would suggest no, but it depends what information the site will provide once logged in. If there's no accounting, no personal data, etc. then maybe it's okay, but I still wouldn't do it.
Edit: Updated due to question change
As stated, a static landing page with a link to the secure login page is a good solution here. It would be advisable to keep the http-to-https redirect on the login page though, as some users may try to type the address manually from memory, be using an old bookmark, or using a cached link from a search engine. Alternatively, the http login page could redirect to a different landing page, alerting the user about the insecure page they have navigated to, and also serving the https login link.
Upvotes: 2
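The setup described in the answer above, as an added example that is not part of the original post: a routing function that serves the static landing page over HTTP, keeps the HTTP-to-HTTPS redirect for the login path, and refuses credential POSTs in cleartext. The host name, the paths and the `route` function are assumptions for illustration, and the HSTS header goes beyond what the answer mentions.

```python
# Added example: HTTP landing page plus an HTTPS-only login page.
# CANONICAL_HOST, the paths and route() are assumed placeholders.
CANONICAL_HOST = "www.example.com"
LOGIN_URL = f"https://{CANONICAL_HOST}/login"

LANDING = f'<a href="{LOGIN_URL}">Log in</a>'
LOGIN_FORM = '<form method="post" action="/login"></form>'


def route(scheme, method, path):
    """Return (status, headers, body) for one request.

    scheme is "http" or "https" as reported by the TLS terminator.
    """
    if scheme == "https":
        # HSTS tells returning browsers to go straight to HTTPS,
        # so later visits skip the redirect hop entirely.
        headers = {"Strict-Transport-Security": "max-age=31536000"}
        if path == "/login":
            return 200, headers, LOGIN_FORM
        if path == "/":
            return 200, headers, LANDING
        return 404, headers, ""

    # Plain HTTP from here on.
    if path == "/":
        # Static landing page: no redirect, the link points at HTTPS.
        return 200, {}, LANDING
    if path == "/login":
        if method in ("GET", "HEAD"):
            # Covers typed URLs, old bookmarks and cached search links.
            # The target is a fixed constant, never built from the
            # request's Host header.
            return 301, {"Location": LOGIN_URL}, ""
        # Never accept a credential POST over cleartext HTTP.
        return 400, {}, "Use HTTPS"
    return 404, {}, ""
```
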
Reputation: 5586
A 'landing page' in http is the optimal way to remove the http to https redirect on a login page. The user can click a link to get to the secure https login page, therefore the login page is only available under https.
If a user wishes to have a url directly to the login page to make access faster, they can bookmark this after clicking 'login'.
Upvotes: 1