Thursday, November 29, 2012

Re: Enforce HTTPS for authenticated users but HTTP for anonymous

Possibly, but I guess this would involve updating all of my views?

As for performance, I'm not sure yet since we haven't launched.  I'm really just thinking about things that might keep costs down - particularly if it's easy to do.  If any solution is complicated or messy then I probably will just go with HTTPS for everything.

On Thursday, 29 November 2012 10:47:14 UTC, kahara wrote:
Could this be achieved, in a view, by querying if the user is logged in and if so, redirecting to the same page but with HTTPS? Something like:

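from django.http import HttpResponseRedirect

def index(request):
  if request.user.is_authenticated() and not request.is_secure():
    # redirect to the same URL over HTTPS
    return HttpResponseRedirect(request.build_absolute_uri().replace("http://", "https://", 1))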

One could argue though that to keep things as simple and robust as possible, running everything over HTTPS would be a better choice. Is HTTPS that much more compute intensive with your traffic?


    J


On Thursday, 29 November 2012 11:32:28 UTC+2, Roarster wrote:
Is there any easy way to have a Django site enforce HTTPS for authenticated users while any anonymous users would default to HTTP?  This would allow me to protect the sessions and cookies for users who have logged on while conserving server resources for those who aren't authenticated (I would assume the majority of connections).  As part of this it would also make sense for me to ensure the login and register pages also use HTTPS to protect any passwords.

I'm not sure if it's relevant but I'm using Nginx as a web server with uwsgi dealing with the Django requests.

Thanks.

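The redirect sketched in the thread can be applied once in middleware instead of in every view, and extended to the login and register pages. This is an added example, not code from the thread; it assumes new-style Django middleware, and the `/login/` and `/register/` prefixes and the stub request classes are constructed for illustration.

```python
# Redirect authenticated users, and the login/register pages, to HTTPS.
# Added example: the prefixes and stub classes below are constructed.

# Assumed URL prefixes that must always be served over HTTPS.
ALWAYS_HTTPS_PREFIXES = ("/login/", "/register/")


def _is_authenticated(user):
    # A method in the Django of 2012, a property in current releases.
    flag = getattr(user, "is_authenticated", False)
    return bool(flag() if callable(flag) else flag)


def https_redirect_target(request):
    """Return the https:// URL to redirect to, or None to serve as-is."""
    if request.is_secure():
        return None
    sensitive_path = request.path.startswith(ALWAYS_HTTPS_PREFIXES)
    if sensitive_path or _is_authenticated(getattr(request, "user", None)):
        return "https://%s%s" % (request.get_host(), request.get_full_path())
    return None


class AuthenticatedHttpsMiddleware:
    """Django middleware: list it after AuthenticationMiddleware."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        target = https_redirect_target(request)
        if target is not None:
            from django.http import HttpResponseRedirect  # needs Django
            return HttpResponseRedirect(target)
        return self.get_response(request)


class StubUser:  # constructed stand-in for request.user
    def __init__(self, authed, as_method=False):
        self.is_authenticated = (lambda: authed) if as_method else authed


class StubRequest:  # constructed stand-in for django.http.HttpRequest
    def __init__(self, path, secure, user, host="example.com"):
        self.path, self._secure, self.user, self._host = path, secure, user, host

    def is_secure(self): return self._secure
    def get_host(self): return self._host
    def get_full_path(self): return self.path
```

The redirect can only fire when the session cookie is sent over plain HTTP, so that first request still exposes the cookie. With `SESSION_COOKIE_SECURE = True` the cookie is withheld over HTTP, the user appears anonymous there, and no redirect happens.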
