I login to a webpage using http:// I get redirected by javascript to https://. This opens a login page under https. After logging on successfully the next page is in http again. Why didn't the next page open with https as well. I am using JETTY as web server.
Are you posting your login form to http://mysite.com/login.php?
If so, I'd recommend using a relative link (e.g. <form action="login.php" method="POST">
)
Encryption is usually only used when transferring sensitive data such as usernames and passwords (or your online bank account).
For an otherwise public website like StackOverflow it's impractical to use HTTPS for anything other than the login credentials because if every logged in user at StackOverflow would use HTTPS for every page-view the site could be too expensive to run because encryption is resource heavy which means it would require more hardware.
The server-side software could work something like this at the login page:
- User goes to login page http://mysite.com/login
- Login page is displayed. The HTML form points to https://mysite.com
- User types username/password and submits the form over an encrypted session
- User lands on "Login successful" page which redirects to the unencrypted http://mysite.com/
HTTP supports redirects in the header using the Location command:
Location: http://www.example.org/
Content-Type: text/html
Content-Length: 174
Hope this helps!