Hi All,
Running D6. What's the best practice for setting up a site where content is delivered by http *until* the user logs on and from then on I want all content to be via https.
Cheers Geoff
I don't use the default login block but set a link to the login page in the footer block:
<a href="https://www.example.com/drupal/user">Member Login</a>
This method doesn't prevent that a user can login via http either, but in the normal case she/he will use the easiest way and that means to click the link in the footer ;-)
Regards, Sebastian H.
Geoff O'Callaghan schrieb:
Hi All,
Running D6. What's the best practice for setting up a site where content is delivered by http *until* the user logs on and from then on I want all content to be via https.
Cheers Geoff
-- [ Drupal support list | http://lists.drupal.org/ ]
Quoting Geoff O'Callaghan geoffocallaghan@gmail.com:
Hi All,
Running D6. What's the best practice for setting up a site where content is delivered by http *until* the user logs on and from then on I want all content to be via https.
Ideas only here; none of them tested. A hook_init in a custom module. Some code in settings.php to modify the $base_url if the $user->uid != 0. A mod_rewrite pattern and rule.
-- Earnie -- http://r-feed.com/ -- http://for-my-kids.com/ -- http://www.4offer.biz/ -- http://give-me-an-offer.com/
Expansion on this idea.
I don't think you'll get setting.php to have $user->uid context will you? Doesn't it load too early?
If I'm right, write a module with hook_init (as Earnie says) have it set cookie then do the base_url based on whether $cookie is site.
I would at least try contacting secure pages maintainer to see if you can get a patch submitted there as this seems like a feature that would be useful to that module.
Dave
-----Original Message----- From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Earnie Boyd Sent: Friday, July 31, 2009 5:57 AM To: support@drupal.org Subject: Re: [support] ssl + login best practice
Quoting Geoff O'Callaghan geoffocallaghan@gmail.com:
Hi All,
Running D6. What's the best practice for setting up a site where content is delivered by http *until* the user logs on and from then on
I want all content to be via https.
Ideas only here; none of them tested. A hook_init in a custom module. Some code in settings.php to modify the $base_url if the $user->uid != 0. A mod_rewrite pattern and rule.
-- Earnie -- http://r-feed.com/ -- http://for-my-kids.com/ -- http://www.4offer.biz/ -- http://give-me-an-offer.com/
-- [ Drupal support list | http://lists.drupal.org/ ]
If you want to use something that already exists, the secure pages module can do this and any other paths you need secured.
http://drupal.org/project/securepages
Blessings
On Fri, Jul 31, 2009 at 10:47 AM, Metzler, David metzlerd@evergreen.eduwrote:
Expansion on this idea.
I don't think you'll get setting.php to have $user->uid context will you? Doesn't it load too early?
If I'm right, write a module with hook_init (as Earnie says) have it set cookie then do the base_url based on whether $cookie is site.
I would at least try contacting secure pages maintainer to see if you can get a patch submitted there as this seems like a feature that would be useful to that module.
Dave
-----Original Message----- From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Earnie Boyd Sent: Friday, July 31, 2009 5:57 AM To: support@drupal.org Subject: Re: [support] ssl + login best practice
Quoting Geoff O'Callaghan geoffocallaghan@gmail.com:
Hi All,
Running D6. What's the best practice for setting up a site where content is delivered by http *until* the user logs on and from then on
I want all content to be via https.
Ideas only here; none of them tested. A hook_init in a custom module. Some code in settings.php to modify the $base_url if the $user->uid != 0. A mod_rewrite pattern and rule.
-- Earnie -- http://r-feed.com/ -- http://for-my-kids.com/ -- http://www.4offer.biz/ -- http://give-me-an-offer.com/
-- [ Drupal support list | http://lists.drupal.org/ ] -- [ Drupal support list | http://lists.drupal.org/ ]
-
Earnie Boyd -
Geoff O'Callaghan -
Metzler, David -
Sebastian Holler -
Tom Lucas