There may be a security problem for all of you using Auth. Even if the login process is done through SSL, the session should also be kept over SSL, or else you may be vulnerable to session hijacking ( http://en.wikipedia.org/wiki/Session_hijacking ) attacks.
My question is: is there a control to make auth methods and logged-in sessions be kept over https and https only, while at the same time leaving public data to be transmitted as clear data? Thank you. Best regards
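
The risk raised above, as an added example that is not part of the original post and not code from any particular Auth library: a session cookie set without the `Secure` attribute is attached to plain-HTTP requests for public pages, while one marked `Secure` is only sent over HTTPS. The cookie name, host, paths and session id are constructed for illustration, and `cookie_sent` is a simplified model of the browser rule.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Hypothetical split: these prefixes need a login, everything else is public.
PROTECTED_PREFIXES = ("/login", "/account")


def session_cookie_header(session_id, secure=True):
    """Build the Set-Cookie value the server issues after a successful login."""
    cookie = SimpleCookie()
    cookie["session_id"] = session_id
    cookie["session_id"]["path"] = "/"
    cookie["session_id"]["httponly"] = True   # not readable from page scripts
    if secure:
        cookie["session_id"]["secure"] = True  # never attached to http:// requests
    return cookie["session_id"].OutputString()


def cookie_sent(set_cookie_value, url):
    """Model the browser: would this cookie accompany a request to `url`?"""
    cookie = SimpleCookie()
    cookie.load(set_cookie_value)
    morsel = next(iter(cookie.values()))
    is_https = urlsplit(url).scheme == "https"
    return is_https or not morsel["secure"]


def https_redirect(url):
    """Return the https:// URL a protected path should be redirected to, else None."""
    parts = urlsplit(url)
    if parts.scheme == "http" and parts.path.startswith(PROTECTED_PREFIXES):
        return parts._replace(scheme="https").geturl()
    return None


if __name__ == "__main__":
    sid = "constructed-session-id"  # constructed sample value
    weak = session_cookie_header(sid, secure=False)
    hardened = session_cookie_header(sid)
    for label, header in (("weak", weak), ("hardened", hardened)):
        print(label, "->", header)
        for url in ("http://example.test/news", "https://example.test/account"):
            print("   sent to", url, ":", cookie_sent(header, url))
    print(https_redirect("http://example.test/account/profile"))
```

With the `Secure` attribute set, public pages can stay on plain HTTP without the session id ever crossing the wire in clear text; the server sees those requests as anonymous.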