I’ve set up a new site that’s using an SSL cert to secure logins and payments (s2member plugin). But there seems to be a major problem with how WordPress deals with SSL. It seems that it’s either all or nothing in terms of delivering pages over HTTPS. But that’s obviously going to be slow and too much overhead for my server.
My main frustration is from the different cookies that are being used. If a user logs into the site over HTTPS, the secure cookie is set. However, the rest of the site (running over HTTP) will not be looking for the secure cookie, and won’t see that the user is currently logged in. This has been the experience on my site at least.
I’ve tried setting FORCE_SSL_LOGIN, FORCE_SSL_ADMIN, and COOKIE_DOMAIN without any luck. Each seems to cause another problem somewhere else.
Is there something else I should be doing, or is this a known/unknown flaw in WordPress? Is there perhaps a way of using a database table to handle sessions instead?
I’m having the same issue. The cookie from logging in over SSL doesn’t appear to stick for non-SSL pages.
Example: I have an “edit profile” link only being displayed to logged-in users. If a user logs in via HTTPS and then visits another HTTPS page, they’ll see the link. However, if they are on any other non-HTTPS page, WordPress doesn’t know they’re logged in.