I have a login screen which I'm serving over SSL. The user fills in their login/password, this gets POSTed to the server. At this point I want to jump out of SSL, so I re
Just point your client to the latest attacks against mixed mode content (look up CookieMonster on fscked.org) and proxy attacks (against sites available both in http and https, look up Pretty-Bad-Proxy). He might reconsider.
It is much easier to get security right if you only deal with one protocol without mixing the two. SSL adds a bit of overhead, but it is nothing compared to the cost of a breach.
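
As an added example (not part of the original answer): a Python check over the response to the login POST that flags the two conditions that make leaving SSL after login risky, a redirect to an `http://` URL and a cookie set without the `Secure` attribute. The function name, host names and header values are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample responses to a login POST (hypothetical host and cookie).
MIXED_RESPONSE = [
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
    ("Location", "http://shop.example/account"),
]
TLS_ONLY_RESPONSE = [
    ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly"),
    ("Location", "/account"),  # relative: stays on the request's scheme
]


def audit_login_response(request_url, headers):
    """Return findings for a login response given as (name, value) pairs."""
    findings = []
    if urlsplit(request_url).scheme != "https":
        findings.append("credentials are posted over plain HTTP")
    for name, value in headers:
        lname = name.lower()  # header names are case-insensitive
        if lname == "location":
            # An absolute http:// target drops the session out of TLS.
            if urlsplit(value).scheme.lower() == "http":
                findings.append(f"redirect leaves TLS: {value}")
        elif lname == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for morsel in jar.values():
                # Without Secure the browser also sends the cookie on
                # http:// requests, where it can be read in transit.
                if not morsel["secure"]:
                    findings.append(f"cookie '{morsel.key}' lacks Secure")
    return findings


if __name__ == "__main__":
    for label, resp in (("mixed", MIXED_RESPONSE), ("tls-only", TLS_ONLY_RESPONSE)):
        print(label, audit_login_response("https://shop.example/login", resp))
```
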