Originally Posted by one tall man:
If a site user enters the site via https, they expect that their entire session will be SSL encrypted.
If a site then redirects them back to http, their expectation is violated.
Okay, but what is your consideration if a site visitor enters the site with http:, but at some point is redirected to https:, like, say, they go to send the site owner a message using contact_us? When they then continue on their merry way, which if looking at product on the site would be via http:, should they be "allowed" to return to http:, or are you thinking that now that they have stepped "up" they can never step back "down"? (Please, BTW, that is a metaphorical up/down comparison; I am not saying it as a comparison, but more like a logical on/off.)