In 6.x secure_pages could implement the described behavior in an insecure method (ironically) unless you added the http://drupal.org/project/securepages_prevent_hijack module. The hijack prevention module is included in D7 but it's not enabled until you set $conf['https'] = TRUE in settings.php. Drupal 7 does prevent the old insecure behavior when attempting mixed-mode SSL as you noticed in your first comment, unless that setting is enabled.
_________________ Michael Prasuhn http://mikeyp.net
On Mar 18, 2013, at 10:18 AM, Fxarte fxarte@gmail.com wrote:
Hi Kamal, Thank you for sharing your solution. Did you also try secure_pages (not sure about the current status of the module)? A long time ago (6.x) it achieved what you describe here.
-- Felix
On Mar 16, 2013, at 10:07 AM, Kamal Palei palei.kamal@gmail.com wrote:
Resolved.
Need to add
$conf['https'] = TRUE;
in settings.php
On Sat, Mar 16, 2013 at 7:01 PM, Kamal Palei palei.kamal@gmail.com wrote:
Dear All,
I am trying to achieve secure login for users in a D7 site.
I tried both the options,
1. secure login module
2. rewriting the http url to https url if "user" exists in url
In both cases I observed that the user is logging in in a secured way.
Facing two issues.
- But why are the other pages coming up as secure pages (with https)?
How can I disable it? I just want the login page to be secured, not any other pages as of now.
- User logged in using https url.
Then, on accessing any page with an http url, it asks for another login.
By logging in through https, can we not access http pages (as an authenticated user)?
Has anybody experienced this problem anytime?
What's the workaround here?
Thanks, Kamal
-- [ Drupal support list | http://lists.drupal.org/ ]
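A check for the setting discussed in this thread, added here as an example that is not part of the original messages or of Drupal: it classifies the session cookies a login response served over HTTPS sets, separating the HTTPS-only case (HTTP pages then see no session, the symptom in the original question) from mixed mode. It assumes Drupal 7's cookie naming (`SSESS` plus 32 hex characters with the Secure attribute for HTTPS, `SESS` plus the same suffix for HTTP) and that mixed mode gives the two cookies different IDs; the header values are constructed samples.

```python
import re

# Assumption: Drupal 7 names session cookies "SESS" (HTTP) or "SSESS" (HTTPS)
# followed by 32 hex characters.
SESSION_NAME = re.compile(r"^(S?SESS)[0-9a-f]{32}$")

def parse_set_cookie(header):
    """Return (name, value, has_secure_attribute) for one Set-Cookie value."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    secure = any(p.lower() == "secure" for p in parts[1:])
    return name.strip(), value.strip(), secure

def classify_login_cookies(headers):
    """Classify the session cookies set by a login response served over HTTPS."""
    secure_ids, plain_ids, problems = set(), set(), []
    for header in headers:
        name, value, secure = parse_set_cookie(header)
        match = SESSION_NAME.match(name)
        if not match:
            continue  # not a session cookie
        if match.group(1) == "SSESS":
            secure_ids.add(value)
            if not secure:
                problems.append(name + " is missing the Secure attribute")
        else:
            plain_ids.add(value)
    if secure_ids & plain_ids:
        # The HTTPS session ID would also travel in clear text over HTTP.
        problems.append("HTTPS and HTTP cookies share one session ID")
    if plain_ids and not secure_ids:
        problems.append("HTTPS login set only a non-Secure session cookie")
    if problems:
        return "problem", problems
    if secure_ids and plain_ids:
        return "mixed-mode", []   # expected with $conf['https'] = TRUE
    if secure_ids:
        return "https-only", []   # HTTP pages will ask for a new login
    return "no-session", []

# Constructed sample headers (not captured from a real site).
H = "0123456789abcdef0123456789abcdef"
HTTPS_ONLY = ["SSESS" + H + "=aaa111; path=/; secure; HttpOnly"]
MIXED = HTTPS_ONLY + ["SESS" + H + "=bbb222; path=/; HttpOnly"]
SHARED_ID = HTTPS_ONLY + ["SESS" + H + "=aaa111; path=/; HttpOnly"]

if __name__ == "__main__":
    for label, sample in [("https-only", HTTPS_ONLY), ("mixed", MIXED), ("shared", SHARED_ID)]:
        print(label, classify_login_cookies(sample))
```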