Why is https only used for login?

Question

Is performance the only issue? Can\'t an https connection be used throughout a user\'s session? There is obviously less redirection happening!

I found this related quest

Answer 1

Performance is not the only issue. If you're going to use HTTPS, you really need to check that all your content, including third party images and libraries, is available through HTTPS. Otherwise, you will generate annoying mixed content messages on IE:

http://blog.httpwatch.com/2009/04/23/fixing-the-ie-8-warning-do-you-want-to-view-only-the-webpage-content-that-was-delivered-securely/

This also means that you'll need separate SSL certificates for each host name that you use (e.g. images.example.com ) or some sort of wild card SSL certificate (e.g. for *.example.com).

A carefully configured site should only suffer a slight CPU hit on client and server using HTTPS:

http://blog.httpwatch.com/2009/01/15/https-performance-tuning/