Even if you have all your configure.php settings turned on for SSL, it seems that the user can still switch a page to non-secure if they put their cursor into the address bar, delete the "s" in https, and then refresh the page.
Is there a way to force an SSL connection even if an insecure page is called for any reason?
Perhaps something in the .htaccess file maybe? Like, "If this is not a secure address, convert it to a secure address"
Many thanks :)



