SSL should be active on all pages after logging in

Oct 21, 2012 at 8:38 PM
Edited Oct 21, 2012 at 8:39 PM

I'd like to suggest a setting to keep a user on the https url for browsing after logging in (not just for the login page or dashboard) so that the secure cookie isn't subject to being hijacked by someone on the same network using Firesheep or a similar tool.

Oct 22, 2012 at 2:48 AM

Can you file a work item? 

Oct 23, 2012 at 2:24 AM

Sure thing. Filed as issue #2.

Jul 17, 2013 at 1:30 PM
I've added a patch for this on issue #2. See https://orchardssl.codeplex.com/workitem/2