Reputation: 9
HTTPS switches to HTTP
I login to a webpage using http:// I get redirected by javascript to https://. This opens a login page under https. After logging on successfully the next page is in http again. Why didn't the next page open with https as well. I am using JETTY as web server.
Upvotes: 0
Views: 945
Answers (2)
Reputation: 4525
Encryption is usually only used when transferring sensitive data such as usernames and passwords (or your online bank account).
For an otherwise public website like StackOverflow it's impractical to use HTTPS for anything other than the login credentials because if every logged in user at StackOverflow would use HTTPS for every page-view the site could be too expensive to run because encryption is resource heavy which means it would require more hardware.
The server-side software could work something like this at the login page:
- User goes to login page http://mysite.com/login
- Login page is displayed. The HTML form points to https://mysite.com
- User types username/password and submits the form over an encrypted session
- User lands on "Login successful" page which redirects to the unencrypted http://mysite.com/
HTTP supports redirects in the header using the Location command:
Location: http://www.example.org/
Content-Type: text/html
Content-Length: 174
Hope this helps!
Upvotes: 0
Reputation: 8653
Are you posting your login form to http://mysite.com/login.php?
If so, I'd recommend using a relative link (e.g. <form action="login.php" method="POST">)
Upvotes: 4
Related Questions
- Change from http to https using http4s
- HTTPS redirects to totally different website?
- Chrome - How to stop converting from http to https
- Automatically redirects from HTTPS to HTTP
- Safari is forcing HTTPS on everything when I don't want it to
- Solve issue when http won't change to https
- HTTPS redirects to HTTP
- HTTP on a HTTPS Website
- Http to Https redirection not happening automatically
- How to change https to http