What happens if a user is connected to my website via HTTPS but my CSS contains absolute path references to pictures via HTTP?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
What happens if a user is connected to my website via HTTPS but my CSS contains absolute path references to pictures via HTTP?
As others already have written, the browser shows a warning about the partly unsecure page.
The reason for this behaviour is, that having a session cookie, this cookie will be sent along with this unsecure HTTP requests (even for pictures). So if you are not prevent this explicitely, it would be possible to hijack the session, what makes the security of your site worthless.