You're looking at an older version of Totara Learn.

Please see Totara 13 help for the latest version.

All pages


The HTTP security page has the following options:




Use HTTPS for logins 

This setting allows you to use HTTPS only for logins, reverting to HTTP afterwards. This can be useful for general speed whilst ensuring secure login.

It is important to be cautious and remember that this setting requires HTTPS to be specifically enabled on the web server. If it is not then you could lock yourself out of the site.

Secure cookies

If server is accepting only HTTPS connections it is recommended to enable sending of secure cookies. If enabled please make sure that web server is not accepting http:// or set up permanent redirection to https:// address. When wwwroot address does not start with https:// this setting is turned off automatically.

Only http cookies

Enables new PHP 5.2.0 feature. Browsers are instructed to send cookie with real http requests only, cookies should not be accessible by scripting languages. This is not supported in all browsers and it may not be fully compatible with current code. It helps to prevent some types of XSS attacks.

Allow frame embedding

Allow embedding of this site in frames on external sites. Enabling of this feature is not recommended for security reasons.

Prevent password autocompletion on login form

If enabled, users are not allowed to save their account password in their browser.


Every web server has a different method for enabling HTTPS, so you should check the documentation for your web server.

Provide feedback about this page using the link in the bottom right of this page. 

Still have questions? Why not post them in the forums of the Totara Community?

  • No labels