Routes need to force SSL for login process; can exit to http state after transfer of credentials.
Hmmm. Where do I begin...
Start on the Devise wiki: https://github.com/plataformatec/devise/wiki/How-To%3a-Use-SSL-%28HTTPS%29
Because we're using a cname to point to another domain, SSL as it's currently implemented will throw a warning screen complaining that the wildcard cert for heroku is different than the site.
For the time being, let's freeze this feature...
sounds good to me