I am currently working on a website that needs to have some type of login to allow visitors to posts data. First i assumed that i should use https for this site, however the more i learn to more it seems useless to use https.
For example in google to login you go through a https webpage. However when you enter the search part of google -> http://www.google.com
my computer sends a stored cookie in plain text which is used by google to give me the possiblilties to goto my account setting (btw experts-exchange.com and many other sites do the same) Couldn't this cookie be just as easily seen/hacked as if the login was done in plain http.
Since our website is not using any form of payment or stores any highly confidential information i was wondering if there is any reason to use https.