I've worked around this for now by including a Login option on the site main menu, but I really wanted to use a sidebar widget. The problem is that in a mixed http/https configuration, one can never be certain whether the login box will be encrypted or not.
I'm trying to think of how I might wrap the widget code in something to:
- force SSL for the form submission; and
- add a line of text to the widget informing users that the form is secure
Any thoughts on these? Of course, to the lay user, the lack of a security padlock or other indication in the browser (other than my word for it in the widget's text) may not be sufficient to allay fears of transmitting credentials in the clear.