[wp-trac] [WordPress Trac] #7001: Admin SSL Support
WordPress Trac
wp-trac at lists.automattic.com
Tue May 20 02:04:44 GMT 2008
#7001: Admin SSL Support
---------------------+------------------------------------------------------
Reporter: ryan | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.6
Component: General | Version:
Severity: normal | Keywords:
---------------------+------------------------------------------------------
Improve out-of-the-box support for visiting the admin over SSL. The
default behavior should be to allow visiting the admin over http or https
with an option to force https. There should be separate secure and non-
secure login cookies. The secure cookie should be delivered only over
SSL. Let's consider a flag that will bind the secure cookie to an SSL
session id.
Implementation suggestions:
* Define SECURE_AUTH_COOKIE
* Set secure cookie for SSL-only delivery.
* Optionally force https only logins with FORCE_HTTPS_LOGIN type define
* Wrap HTTPS == 'on' check in is_ssl() function
* Add admin_url() and includes_url() functions that will create https
links if is_ssl()
* Use admin_url() and includes_url() for all JS and CSS links.
--
Ticket URL: <http://trac.wordpress.org/ticket/7001>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list