using https

[feck]

i'm using https to log someone into a part of a website, this gets validated both client and server-side, and is again validated against a password encrypted MySQL system.After using https for the initial password and username validation, once the page becomes directed to the new part of the site, that cannot be accessed other than being a valid user, is it still necessary to use https on all page requests in this part of the site?

[aspnetguy]

That depends. What type of data will be passed in this secure part of the website. If it is only data for the user to read then no you don't but if they are going to continue to fill out forms with personal or sensitive information then yes you should continue to use https

[feck]

thanks aspnetguy,so basically if a validated user would then go on to manipulate data through a form or forms then keep using https to help with validation.

[aspnetguy]

https doesn't help valid it just encrypts the data as it is passed from the clients computer to the server (ie. when a form is submitted). If a hacker was to intercpt this submitted data then it would be unreadable because it is encrypted.

[justsomeguy]

Also take cookies into consideration if you are using them. If you are ever transmitting things like passwords or other sensitive data, either in cookies, through a form, or even just displaying it on the page, then you will want to continue to use https. It won't stop anyone from logging in, but if someone is monitoring the connection and is capturing whatever goes on the wire, then you will want that information to be encrypted so that they can't read it. If you don't care if the information you are sending and receiving gets intercepted, then https doesn't matter.

[feck]

Thanks alot people.