Stemming from #854206: Access denied by Secure Pages module, this issue attempts to address the case where the execution priority of this module causes its hook_user() to be skipped. Specifically, modules like Login Destination can choose to redirect, and the secure cookie would never have been set.
I understand that this is an issue with modules like Login Destination. However, it is worth noting that any module using drupal_goto() during login (which is kind of likely) will break this module.
The proposed fix merely elevates the priority of this module. Ultimately, since Drupal 7 incorporates the secure cookies into core, I believe having this module set cookies in hook_user('login') before everything else (hopefully) merely imitates core behavior to the extent that the cookie is more or less guaranteed set properly.
Patch follows.
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | 1330150-2-elevate-weight.patch | 894 bytes | zhangtaihao |
| #1 | 1330150-1-elevate-weight.patch | 892 bytes | zhangtaihao |
Comments
Comment #1
zhangtaihao commentedComment #2
zhangtaihao commentedOops, typo.