[Typo3] typo3 SSL encrypted pages and login
Vincent
newsposting1 at crel.us
Mon Oct 10 19:44:57 CEST 2005
Vincent wrote:
> Is there any way to have it only encrypt the login data without
> continuing use https for all sub-pages after logging in? In some
> cases I would want the entire session to stay encrypted, but it would
> usually not be necessary when the login and password is the only data
> that is sensitive.
New information:
BTW,
These tests are all done on the quickstart site which is using the
BUSINESS template that uses frames with typo3-3.8.0 running on Linux.
There is another strange behavior. The front page also has a login
content element. with the https_enforcer extension, after loging in
using the separate login page, the front page still has the username
and password form as though I was not logged in, but if I go to the
separate login page it shows the user name and has has a logout
button.
However, I tried the lz_https (Secure/Unsecure) extension, which is
listed as obsolete but no known bugs, and it does not have that
problem. It properly shows I am logged in on the front page. It has
a similar problem as the https_enforcer extension though. The entire
site stays encrypted even after loggin out.
With https_enforcer, after logging out, only the index frame on the
left stays encrypted. The links in the index indicate https addresses
when I hover the pointer them but they are really non-encrypted http
links when you click on it.
Also, on the separate login page, the login element is configured to
send the user to the "Team pages" page. This works if SSL is not on.
With the https_enforcer extension enabled, if I turn on SSL for the
login page, it redirects me to the front page instead when I login.
If anybody want's to test this, my test site is
http://www.crel.us/quickstart
Click on the "click here to login" link and login from the separate
login page.
Username: joe
Password: goalkeeper
It currently has the https_enforcer extension enabled with SSL turned on for
the separate login page. I will leave it active for a while to see if I can
get any feedback about what the problem is and whether these are bugs.
More information about the TYPO3-english
mailing list