I was able to generally reproduce this by going to the https login page, logging in, logging out, then going to http version. With "cache anonymous pages" turned on, it would not redirect to https.
Some test curl calls may shed some light...
When it's off, and it works:
$ curl -I http://www.example.com
HTTP/1.1 301 Moved Permanently
Date: Fri, 03 Aug 2012 15:07:09 GMT
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Fri, 03 Aug 2012 15:07:09 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1344006429"
Content-Language: en
Location: https://www.example.com/home?destination=node/1
Connection: close
Content-Type: text/html; charset=utf-8
When it's on, and it doesn't work:
$ curl -I http://www.example.com
HTTP/1.1 403 Forbidden
Date: Fri, 03 Aug 2012 15:07:15 GMT
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
X-Drupal-Cache: HIT
Etag: "1344006376-0"
Content-Language: en
X-Generator: Drupal 7 (http://drupal.org)
Cache-Control: public, max-age=60
Last-Modified: Fri, 03 Aug 2012 15:06:16 +0000
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Vary: Cookie,Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Maybe this is not necessarily a bug, but at the very least it should be an installation or documentation issue.
Thanks.
Comments
Comment #1
denix commentedI confirm having the same problem. I agree that this is not a proper bug, but it is very annoying as the anonymous cache is very helpful for high traffic servers.
A bit more documentation would be of great help.
Best regards,
Denis
Comment #2
mfbI use "cache anonymous pages" and HTTPS redirect on my sites without any trouble.
If the page has already been cached before you enable HTTPS redirect, then you would have to clear your cache to get it working. It might be a good idea to clarify this in documentation.
Comment #3
julianmancera commentedHi,
I'm getting the redirect loop problem with the cache for anonymous user enabled. Do you have this same problem? It seems that this issue was addressed for the D6 version of the module but remains for D7
Julian Mancera
Comment #4
mfbI'm still going to need more info on how to reproduce this. I use secure login module on numerous sites with cache anonymous pages enabled. "me too" doesn't actually help diagnose the problem.
Comment #5
mfbI added a cache_clear_all() call in the securelogin settings page so hopefully this fixes any issues people are having. If not please re-open :)
Comment #7
denix commentedComment #8
denix commented