: Keeping the session cookie secure is surely one of the biggest problems, if a site switches between secure and non secure pages. But that's only a problem, because most sites combine session
Keeping the session cookie secure is surely one of the biggest problems, if a site switches between secure and non secure pages. But that's only a problem, because most sites combine session handling and authentication. If you use the session cookie exclusively for maintaining the session, you can avoid this security risk:
Switching-between-http-and-https-pages
Although this solves the problem with the session cookie, the question remains, is the additional complexity worth the saving of processor power for a full HTTPS site? Unfortunately it's difficult to get useful field reports or benchmarks of real scenarios. Big companies like Google were switching to full encryption, though it seems that they did a lot of optimizations before:
Overclocking-ssl
My personal opinion is, that for sites with low until moderate traffic you should avoid complexity and use HTTPS for all pages. If you have (or expect) a lot of traffic you can consider switching between HTTP and HTTPS.
More posts by @Murphy175
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.