I'm trying to use the ssl requirement plugin with the restful authentication plugin and I have a question that I'm having trouble finding the answer to.

When allowing a user to log in from a non-SSL action/page, should I require SSL on the session's create action for increased security, or is that overkill?

If so, how do I get the create action to work going from non-SSL to SSL? It throws an ActionController::MethodNotAllowed exception stating "Only post and delete requests are allowed".

Thanks.

+1  A: 

Hello, I'm working on the same thing here. I think that you should set up the SSL requirement to be used on the session create, because that is the moment when you are handing sensitive information to the server.

wallyqs