When at https://forum.lowyat.net/, replying takes us outside of the HTTPS session.

The code that does that is:


Would somebody fix this, please? With sugar and strawberry on top?

Thanks, never noticed that because the correct URL is produced when a moderator views the forum over HTTPS.

erm, does this also include this one? on search box thingy down on left corner? i got this message whenever i try search and hit enter.



and, when "continue", i notice it's HTTP instead of HTTPS on address.

This should be fixed now.

In addition, I have provided a HTTPS Login option at the login page - http://forum.lowyat.net/index.php?act=Login&CODE=00

And a "Always browse with HTTPS" option at the board settings - http://forum.lowyat.net/index.php?act=UserCP&CODE=04

Can you give it a try?

The new feature seems to be working well. Tested the posting and search issues.

There's a minor problem when you're in HTTP and then you try posting or searching with the HTTPS option checked, the forum will send you back to the index page. But it works fine if you're already browsing in HTTPS.

Thanks a lot wKkaY!

---

Added on August 6, 2011, 11:57 pmOh, I hadn't realised one problem then. If our bookmarks were pointing at HTTPS but our Board Settings had HTTPS off, we would silently get redirected to HTTP.

I think this behaviour isn't optimal, because the user must know of the HTTPS option. Once your announcement expires or if people never read it (like first time visitors in 2012), they won't be able to use the forum's HTTPS option. It would be much better to default to an "Auto" option, where the forum doesn't care whether you use HTTP or HTTPS.

This post has been edited by everling: Aug 6 2011, 11:57 PM

That's because we redirect you to https:// if you happen to stumble upon a http:// link. That glitch will be rare in the field I hope. It can happen if you have two windows open and login with the HTTPS option in window A while window B is still on HTTP.

---

Added on August 7, 2011, 12:03 amPoint taken. I made this decision because IE8 and below pops up a prompt about mixed ssl/non-ssl content. IE9 handles it more gracefully. I'll think about what I can do about this.

The login and pwd remember function seems not working anymore? I have to login everytime now.

using firefox?
i have same problem also

Ah crap. I forgot to test that (because I hardly close my browser).

i am using IE

Same situation here.

Using chrome no problem wor.

using firefox and chrome here and i have the same problem

1. If i login from the main webpage : http://forum.lowyat.net/ i have to login everytime i open and close my browser.

2. However my password is saved when i login here: https://forum.lowyat.net/index.php?act=Login&CODE=00 when i open and close my browser.

I already cleared the browser's cache and cookies in case.

for the automatic log in issue, use this to clean the https cookie, so u can automatic log in at http again.

https://forum.lowyat.net/index.php?act=Login&CODE=06

i get this on the address bar:

This post has been edited by saturn85: Aug 8 2011, 04:13 PM

Iianm, that icon only appears if there are unencrypted content on the page that you're viewing. Was it Chrome? The other browser vendors use different and less disturbing or troubling methods to indicate unencrypted content.

Unencrypted content in your encrypted HTML page is an impossible problem to solve for a forum if you want to allow your users to use external images that comes from sites without HTTPS (eg: signature images, photographs, hardware charts, etc) or don't have the technical expertise to know that they need to use HTTPS sources instead of unencrypted sources.

Actually chrome will show a yellow icon if images are loaded from http:// sites.

The crossed padlock is due to our use of http:// scripts from our advertising providers, which don't have HTTPS support. We're out of luck here, because we do need the ads to be shown. But if you use IE9, it will conveniently avoid them

I don't understand why it is that way. HTTPS secured JavaScript scripts can still be super evil and malicious scripts.

yes, i m using google chrome.
still not very clear how https works.
possible for the page to have this?:

In the event of an MITM, a script is provided a larger attack surface (think DOM manipulation, HTTP requests, etc) than multimedia are.

---

Added on August 9, 2011, 12:34 amSorry, we can't make it green. But I assure you that your browsing with https:// is at worst as secure as http://