douhui4831 2014-10-20 07:44
Views: 33
Accepted

Is my approach to the login route over HTTPS correct?

More of a thinking out loud than a question. I have set my named routes in my route.php file like

Route::get('user/login', array('uses' => 'UserController@login','as' => 'user.login'));
Route::post('user/postlogin', array('https','uses' => 'UserController@postlogin','as' => 'user.postlogin'));

The first route returns a view with a simple login form. The second route is responsible for checking user credentials and redirects to intended routes.
In terms of security, do I have to serve the user/login route over https also? As a user I am used to seeing the switch from http to https when accessing a login page, and I would be really cautious if it wasn't present. However, in my app structure user credentials are sent over https through the user/postlogin route. Isn't that correct? Am I missing something? I could add https for user/login also, but does it really make a difference? Thank you in advance.

1 answer

  • douping1825 2014-10-20 08:58

    You don't want the form being intercepted and changed en route to the user, so you need to secure it.

    These days, CPU power is not a significantly limiting factor for SSL. Just use SSL for the entire site. Set up the HTTP virtual host to do nothing except redirect to the SSL.

    You'll increase your security, benefit your users' privacy, and enhance your SEO.

    This answer was selected as the best answer by the asker.
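The policy from the answer applied to the two routes in the question, as an added example that is not code from the asker or the answerer. It assumes Laravel 4.x (matching the array route syntax in the question) and shows an application-level fallback for the redirect that the answer places in the HTTP virtual host; the max-age value is an assumed setting.

```php
<?php
// Added example. Assumes Laravel 4.x; file locations follow that version's layout.

// app/routes.php
// Both the form and the credential check are HTTPS-only, so the form markup
// and its action URL cannot be rewritten between server and browser.
Route::get('user/login', array(
    'https',
    'uses' => 'UserController@login',
    'as'   => 'user.login',
));
Route::post('user/postlogin', array(
    'https',
    'uses' => 'UserController@postlogin',
    'as'   => 'user.postlogin',
));

// app/filters.php
// Fallback for hosts where the plain-HTTP virtual host cannot be changed:
// any request that arrives without TLS is answered with a redirect only.
App::before(function ($request) {
    if (!$request->secure()) {
        // Same path and query string, https scheme, permanent redirect.
        return Redirect::secure($request->getRequestUri(), 301);
    }
});

// Tell browsers to stay on HTTPS for later visits, which removes the
// plain-HTTP first request on return visits.
App::after(function ($request, $response) {
    if ($request->secure()) {
        $response->headers->set(
            'Strict-Transport-Security',
            'max-age=31536000' // assumed value: one year
        );
    }
});
```

If TLS is terminated at a proxy or load balancer, the framework must be configured to trust that proxy's forwarded-protocol header; otherwise `secure()` stays false and the filter redirects in a loop.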