Problems with FORCE_SSL_LOGIN and FORCE_SSL_ADMIN #9

Closed
bmaupin opened this issue Dec 14, 2011 · 0 comments

bmaupin commented Dec 14, 2011

I'm no expert on these things, so I may not be right about this, but there seem to be two problems with the plugin, caused by the same part of code (line 208 of sidebar-login.php):

  1. If you define FORCE_SSL_ADMIN as true in wp-config.php, logging in using the sidebar login from a non-SSL url will fail because admin_url('admin-ajax.php') will generate an https url, and the browser will block this as a cross-domain POST.

  2. If you define FORCE_SSL_LOGIN as true in wp-config.php, logging in using the sidebar login from a non-SSL url will cause an insecure login because admin_url('admin-ajax.php') will generate a non-SSL http url.

    Simply forcing this to https using admin_url('admin-ajax.php', 'https') will fail for the same reasons as the first problem.

My first thought for a solution was the sidebar-login plugin could reload the page as https if either one of those constants is defined. I saw some other possible solutions here:

http://stackoverflow.com/questions/298745/how-do-i-send-a-cross-domain-post-request-via-javascript

...not sure where you want to go with this or I would have coded a solution myself.

Thanks!
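
The two cases reported above can be modelled as a small check. This is an added example, not part of the original report or the plugin's code; the host `blog.example`, the function names, and the assumed `admin_url()` scheme rule (taken from the issue's description) are illustrative assumptions.

```javascript
// Added example: a model of the behaviour described in the issue, not plugin code.
// blog.example and all function names are constructed for illustration.

// Assumed from the issue: admin_url('admin-ajax.php') is https when
// FORCE_SSL_ADMIN is set, otherwise it follows the scheme of the current page.
function ajaxUrlFor(pageUrl, cfg, forcedScheme) {
  const target = new URL('/wp-admin/admin-ajax.php', pageUrl);
  if (forcedScheme) target.protocol = forcedScheme + ':';
  else if (cfg.FORCE_SSL_ADMIN) target.protocol = 'https:';
  return target.href;
}

function checkSidebarLogin(pageUrl, cfg, forcedScheme) {
  const page = new URL(pageUrl);
  const target = new URL(ajaxUrlFor(pageUrl, cfg, forcedScheme));
  const wantsTls = Boolean(cfg.FORCE_SSL_ADMIN || cfg.FORCE_SSL_LOGIN);
  const findings = [];
  // The scheme is part of the origin, so http page -> https endpoint is cross-origin.
  if (page.origin !== target.origin) findings.push('cross-origin-post');
  // The site asked for TLS on login, yet the credentials would travel in cleartext.
  if (wantsTls && target.protocol !== 'https:') findings.push('credentials-over-http');
  // Remedy suggested in the issue: serve the page holding the form over https.
  let redirectTo = null;
  if (wantsTls && page.protocol !== 'https:') {
    const secure = new URL(page.href);
    secure.protocol = 'https:';
    redirectTo = secure.href;
  }
  return { target: target.href, findings, redirectTo };
}

// Constructed inputs covering both reported problems and the https-page case.
const sampleCases = [
  ['http://blog.example/?p=1', { FORCE_SSL_ADMIN: true }],
  ['http://blog.example/?p=1', { FORCE_SSL_LOGIN: true }],
  ['http://blog.example/?p=1', { FORCE_SSL_LOGIN: true }, 'https'],
  ['https://blog.example/?p=1', { FORCE_SSL_ADMIN: true }],
];
for (const [pageUrl, cfg, forced] of sampleCases) {
  console.log(pageUrl, JSON.stringify(cfg), forced || '-', checkSidebarLogin(pageUrl, cfg, forced));
}
```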
