Forum OpenACS Development: Using SSL for registered users (always)

Hi

I've already set up RestrictToSSL for "non-registered users", but I'd like to use SSL for registered users (always).

That way I can "simplify" my SSL setup:
- Non Registered Users: No SSL but RestrictToSSL directories
- Registered Users: always use SSL

Now I have a "mix" of http and https in some pages.

Before trying to do it myself (probably checking that out in site-master.tcl or security procs), I'm sure somebody has done it (and better than me).

Is there some parameter configuration to do this? Is anybody doing it this way?

Posted by Cesareo Garcia Rodicio on
It has been easy to add "If you are a registered user, I serve you a secure connection" by doing this in default-master.adp:

# All content will be secured if you are registered
# or RestrictToSSL Parameter List used
set ssl_to_reg_users_p true

if { $ssl_to_reg_users_p && $untrusted_user_id != 0 } { security::require_secure_conn }

I've tried to "always redirect a secure connection to an insecure connection", but I have to be careful with the RestrictToSSL list (and not fall into a redirection problem). I'm working on it.

This logic (secure conn for registered users and insecure conn elsewhere but the RestrictToSSL directory list) seems to be simple to deploy.
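
The redirect logic discussed in this thread, written out as an added example (not code from the posts or from OpenACS): one decision per request, so the https-to-http downgrade can never fight the upgrade. The proc names, the glob-style matching and the sample patterns are assumptions; it is plain Tcl with no OpenACS calls.

```tcl
# Added example. Names and patterns are hypothetical, sample data is constructed.

# 1 if the path matches any RestrictToSSL-style glob pattern, else 0.
proc path_restricted_p {path patterns} {
    foreach pattern $patterns {
        if {[string match $pattern $path]} { return 1 }
    }
    return 0
}

# scheme: http|https as the request arrived; user_id: 0 = not registered.
# Returns serve, to_https or to_http.
proc ssl_redirect_decision {scheme user_id path patterns} {
    # Both reasons for SSL are evaluated together, before any downgrade.
    set must_be_secure [expr {$user_id != 0 || [path_restricted_p $path $patterns]}]
    if {$must_be_secure} {
        return [expr {$scheme eq "https" ? "serve" : "to_https"}]
    }
    # Downgrade only when nothing requires SSL for this request.
    return [expr {$scheme eq "http" ? "serve" : "to_http"}]
}

# Follow the redirects the decision would cause; more than one hop is a loop.
proc follow_redirects {scheme user_id path patterns} {
    set hops 0
    while {[set d [ssl_redirect_decision $scheme $user_id $path $patterns]] ne "serve"} {
        if {[incr hops] > 1} { error "redirect loop for $path" }
        set scheme [expr {$d eq "to_https" ? "https" : "http"}]
    }
    return "$scheme after $hops redirect(s)"
}

# Constructed RestrictToSSL-style list and constructed requests.
set patterns {/admin/* /register/*}
foreach {scheme user_id path} {
    http  0   /forums/
    https 0   /forums/
    http  0   /register/
    https 0   /admin/users
    http  447 /forums/
    https 447 /admin/users
} {
    puts [format "%-5s user=%-3s %-14s -> %s" $scheme $user_id $path \
        [follow_redirects $scheme $user_id $path $patterns]]
}
```

Every request settles after at most one redirect because the downgrade branch is only reachable once both the registered-user check and the pattern check have said SSL is not required.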