Stemming from #854206: Access denied by Secure Pages module, this issue attempts to address the case where the execution priority of this module causes its hook_user() to be skipped. Specifically, modules like Login Destination can choose to redirect, and the secure cookie would never have been set.

I understand that this is an issue with modules like Login Destination. However, it is worth noting that any module using drupal_goto() during login (which is kind of likely) will break this module.

The proposed fix merely elevates the priority of this module. Ultimately, since Drupal 7 incorporates the secure cookies into core, I believe having this module set cookies in hook_user('login') before everything else (hopefully) merely imitates core behavior to the extent that the cookie is more or less guaranteed to be set properly.

Patch follows.

Comments

zhangtaihao

Status: Active » Needs review
Status: new | File size: 892 bytes
zhangtaihao

Status: new | File size: 894 bytes

Oops, typo.
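
The ordering problem described in the issue, as an added example (not the attached patch and not Drupal or Secure Pages code). It is a minimal model of weight-ordered hook dispatch; the weight value -10, the exception standing in for drupal_goto(), and the tie-break by module name are assumptions made for illustration.

```php
<?php
// Minimal model of Drupal 6 hook dispatch (illustration only, not core code).
// Hook implementations run in module order: ascending weight, ties broken
// here by module name (Drupal 6 sorts by weight, then filename).
// drupal_goto() ends the request, so implementations after it never run.

class RedirectIssued extends Exception {}  // stands in for drupal_goto()'s exit

function build_modules($securepages_weight) {
  return [
    // A module that redirects during login, as Login Destination can.
    'login_destination' => ['weight' => 0, 'login' => function (&$state) {
      throw new RedirectIssued();
    }],
    // The module that must set the secure cookie in hook_user('login').
    'securepages' => ['weight' => $securepages_weight, 'login' => function (&$state) {
      $state['secure_cookie'] = true;
    }],
  ];
}

function invoke_login_hooks(array $modules) {
  $order = array_keys($modules);
  usort($order, function ($a, $b) use ($modules) {
    return [$modules[$a]['weight'], $a] <=> [$modules[$b]['weight'], $b];
  });
  $state = ['secure_cookie' => false, 'ran' => []];
  try {
    foreach ($order as $name) {
      $state['ran'][] = $name;
      $modules[$name]['login']($state);
    }
  } catch (RedirectIssued $e) {
    // Request ends here; any module later in $order was skipped.
  }
  return $state;
}

// Default weight 0 versus an elevated priority (assumed value -10).
foreach ([0, -10] as $weight) {
  $result = invoke_login_hooks(build_modules($weight));
  printf("securepages weight %3d: ran [%s], secure cookie set: %s\n",
    $weight, implode(', ', $result['ran']),
    $result['secure_cookie'] ? 'yes' : 'no');
}
```

On a real site, the effective order can be checked by reading the weight column of the system table for both modules after the update has run.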