Can we remove secure login option alone from Magento

2.2k Views Asked by Elamurugan At 03 February 2011 at 17:52

Is there way to disable the secure login/registeration/forgot password alone, but all other pages like checkout customer dashboard area can use https but i want to disable secure url for only customer login/registeration/forgot pages, i checked on custome r module /etc/config.xml but couldnot find anything like that.

Please help me

Thanks in advance.

Original Q&A

There are 3 best solutions below

B00MER On 04 February 2011 at 21:37 BEST ANSWER

First you'll want to do all this from app/code/local/ of course!

With that being said you'll need to extend/edit app/code/core/Mage/Customer/etc/config.xml:

    <secure_url>
        <customer>/customer/account/</customer>
    </secure_url>

...and remove it.

Next you'll need to edit/extend app/code/Core/Mage/Customer/Helper/Data.php:

and modify the _getUrl()'s to force using secure url on the pages you want it to be secure:

return $this->_getUrl('customer/account', array('_secure' => true));

NOTE: Like everyone else mentioned this isn't exactly a good idea from a security stand point.

Hope this helps!

Eugene Mayevski 'Callback On 03 February 2011 at 17:57

Did you think that Login pages are accessed via HTTPS for a reason? The reason is to protect them from modification. Removing HTTPS will open a huge security hole and will cause leakage of passwords of your web site visitors.

Chaabelasri E. On 04 February 2011 at 08:49

So, you should overload the blocks that contents url links and rework it to get urls witout http. But the good is to use in your box the iframes.

Can we remove secure login option alone from Magento

There are 3 best solutions below

Related Questions in MAGENTO

Related Questions in HTTPS

Related Questions in MAGENTO-1.4

Trending Questions

Popular # Hahtags

Popular Questions