On 4/15/09 3:09 PM, Victor Hugo dos Santos wrote:
Yes. Our idea is have two domains: one with all data encrypted (general users) and other with login page encrypted (for satellite users)
I presume you mean "sub-domains". If your session authentication is cookie based, then be sure that the cookie domain is not specific to a sub-domain. Otherwise, authenticated sessions will not transfer from the SSL login to the non-ssl session. If they are indeed separate domains, then you will have to use something other than cookies to propagate your sessions.
Kevin
List info: http://lists.roundcube.net/users/