id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
10629	allow login redirects to traverse a secure connection	Ryan Kelly	nobody	"
To protect user's login details in-transit, I like to have my login page submit over a secure connection, redirecting the user back to an unsecured connection once the login has been established.  Something along the following lines:

   1. Unauthenticated user requests http://site/private/
   2. They're redirected to http://site/login/
   3. They submit their details securely to https://site/login/
   4. This establishes the login and redirects to http://site/private/

The standard contrib.auth views and decorators almost get me there, but they don't like switching protocols during the redirect.  Attached is a simple patch that lets contrib.auth support the above workflow by doing two things:

  *  allowing the 'next' argument to auth.views.login to contain a full URL, as long as it points to the correct host and not a third-party site
  *  having the various auth decorators record the full URL when redirecting to the login page, rather than just the path information

I imagine that having logins traverse a secure connection like this would be fairly common practice, so it'd be great to see support for it in the core distribution.

"	Uncategorized	closed	contrib.auth	dev	Normal	fixed			Design decision needed	1	0	0	0	0	0