On Fri, Aug 22, 2008 at 6:31 PM, Time Ly <timepehi@yahoo.in> wrote:
Hello,
Does anyone have experience with securing (only) the login pages on OPAC/Intranet/both using HTTPS? Any help is appreciated.
Hi Time Ly You have a couple of options, the easiest one is to change the templates so that the form action for logging in goes to a https site, that can then redirect to http site after login. The other option is to have the page with form on it served as https, this is harder, because the login form can appear on any page, so you cant just do a redirect on certain urls. I dont have a good idea how to accomplish the second one for the opac, but for the intranet side, you could check if someone is logged in (by checking the cookie) if not, redirect them to the login on the https site. For the opac, you dont have to be logged in, so you would probably want to remove the login forms from everywhere and have a login page, then serve that page as https Hope this helps Chris