id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 10629,allow login redirects to traverse a secure connection,Ryan Kelly,nobody," To protect user's login details in-transit, I like to have my login page submit over a secure connection, redirecting the user back to an unsecured connection once the login has been established. Something along the following lines: 1. Unauthenticated user requests http://site/private/ 2. They're redirected to http://site/login/ 3. They submit their details securely to https://site/login/ 4. This establishes the login and redirects to http://site/private/ The standard contrib.auth views and decorators almost get me there, but they don't like switching protocols during the redirect. Attached is a simple patch that lets contrib.auth support the above workflow by doing two things: * allowing the 'next' argument to auth.views.login to contain a full URL, as long as it points to the correct host and not a third-party site * having the various auth decorators record the full URL when redirecting to the login page, rather than just the path information I imagine that having logins traverse a secure connection like this would be fairly common practice, so it'd be great to see support for it in the core distribution. ",Uncategorized,closed,contrib.auth,dev,Normal,fixed,,,Design decision needed,1,0,0,0,0,0