Auto-detect SSL session and redirect to secure URL

Troy's Avatar

Troy

24 Apr, 2012 10:31 PM

This comment was split from the discussion: Support forcing admins to use SSL for custom hostnames

There's one gotcha in that the admin ticket update emails use the public URL on our domain (and use http), so clicking a URL in an email about a private ticket just displays the "Are you Joe Sixpack?" login screen. Clicking a public ticket URL shows the ticket but I'm not logged in, since the session cookie is on the tenderapp hostname. Clicking the header Login link does the redirect and lands me back as an admin.

Given that, for folks with custom domains, I could see using the tenderapp hostname in emails to admins. That would also allow linking with https, and make clear that implementors should use the tenderapp hostname for admin logins.

  1. 1 Posted by Hobson on 24 Apr, 2012 10:44 PM

    Hobson's Avatar

    Troy,

    Thanks for the feedback on HTTP URLs being returned in staff communications. I agree that this is a big usability gap in Tender. We're evaluating a solution that would allow us to securely detect an existing HTTPS session and redirect you automatically. Stay tuned.

    Regards,

    -hobson

  2. 2 Posted by Troy on 24 Apr, 2012 11:01 PM

    Troy's Avatar

    Thanks Zach. Shout if you want a tester. -T

  3. Nicole closed this discussion on 29 Jun, 2012 06:25 PM.

Discussions are closed to public comments.
If you need help with Tender please start a new discussion.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac