When $base_url is set in the settings.php to http://example.com, the https is rewritten to http and the form is submitted over clear text. When I look at the source of the login page, the form action is correct:

But when I look at my webserver logs, I don't see any https requests. I simply see the http.

If I don't set $base_url, the login page is submitted using https but the whole site navigation becomes https as well. I was hoping that once the form information was submitted via https that the site could be navigated using http.

Comments

avf’s picture

I can't reproduce this.

avf’s picture

Status: Active » Closed (fixed)
richardbporter’s picture

I have this problem as well. If I set $base_url in settings.php, the login form is redirected from https to http.

mfb’s picture

@rbp: This is an old closed issue for the Drupal 5 version of Secure Login. Are you using Drupal 5?

richardbporter’s picture

Whoops no, I'm sorry. I just searched base_url in the issues. My fault.