Dear All I am trying to achieve secure login for users in a D7 site.
I tried both the options,
1.secure login module 2. rewriting the http url to https url if "user" exists in url
In both the cases observed , user is logging in a secured way.
Facing two issues.
1. But why the other pages are coming as secure page (with https). How can I disable it. I just want login page is secured, not any other pages as of now
2. User logged in using https url. Then access any page with http url, it asks for another login.
By doing login through https , can not we access http pages (as authenticated user).
Has anybody experienced this problem anytime.
Whats the work around here.
Thanks kamal
Resolved.
Need to add
$conf['https'] = TRUE;
in settings.php
On Sat, Mar 16, 2013 at 7:01 PM, Kamal Palei palei.kamal@gmail.com wrote:
Dear All I am trying to achieve secure login for users in a D7 site.
I tried both the options,
1.secure login module 2. rewriting the http url to https url if "user" exists in url
In both the cases observed , user is logging in a secured way.
Facing two issues.
- But why the other pages are coming as secure page (with https).
How can I disable it. I just want login page is secured, not any other pages as of now
- User logged in using https url.
Then access any page with http url, it asks for another login.
By doing login through https , can not we access http pages (as authenticated user).
Has anybody experienced this problem anytime.
Whats the work around here.
Thanks kamal
Hi Kamal, Thank you for sharing your solution. Did you also try secure_pages (not sure about the current status of the module)? Long time ago (6.x) it achieve what you describe here
-- Felix
On Mar 16, 2013, at 10:07 AM, Kamal Palei palei.kamal@gmail.com wrote:
Resolved.
Need to add
$conf['https'] = TRUE;
in settings.php
On Sat, Mar 16, 2013 at 7:01 PM, Kamal Palei palei.kamal@gmail.com wrote:
Dear All I am trying to achieve secure login for users in a D7 site.
I tried both the options,
1.secure login module 2. rewriting the http url to https url if "user" exists in url
In both the cases observed , user is logging in a secured way.
Facing two issues.
- But why the other pages are coming as secure page (with https).
How can I disable it. I just want login page is secured, not any other pages as of now
- User logged in using https url.
Then access any page with http url, it asks for another login.
By doing login through https , can not we access http pages (as authenticated user).
Has anybody experienced this problem anytime.
Whats the work around here.
Thanks kamal
-- [ Drupal support list | http://lists.drupal.org/ ]
In 6.x secure_pages could implement the described behavior in an insecure method (ironically) unless you added the http://drupal.org/project/securepages_prevent_hijack module. The hijack prevention module is included in D7 but it's not enabled until you set $conf['https'] = TRUE in settings.php. Drupal 7 does prevent the old insecure behavior when attempting mixed-mode SSL as you noticed in your first comment, unless that setting is enabled.
_________________ Michael Prasuhn http://mikeyp.net
On Mar 18, 2013, at 10:18 AM, Fxarte fxarte@gmail.com wrote:
Hi Kamal, Thank you for sharing your solution. Did you also try secure_pages (not sure about the current status of the module)? Long time ago (6.x) it achieve what you describe here
-- Felix
On Mar 16, 2013, at 10:07 AM, Kamal Palei palei.kamal@gmail.com wrote:
Resolved.
Need to add
$conf['https'] = TRUE;
in settings.php
On Sat, Mar 16, 2013 at 7:01 PM, Kamal Palei palei.kamal@gmail.com wrote: Dear All I am trying to achieve secure login for users in a D7 site.
I tried both the options,
1.secure login module 2. rewriting the http url to https url if "user" exists in url
In both the cases observed , user is logging in a secured way.
Facing two issues.
- But why the other pages are coming as secure page (with https).
How can I disable it. I just want login page is secured, not any other pages as of now
- User logged in using https url.
Then access any page with http url, it asks for another login.
By doing login through https , can not we access http pages (as authenticated user).
Has anybody experienced this problem anytime.
Whats the work around here.
Thanks kamal
-- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]
-
Fxarte -
Kamal Palei -
Michael Prasuhn