Jump to:
| Project: | Secure Login |
| Version: | 5.x-1.x-dev |
| Component: | Miscellaneous |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
I'm using previous version of this (October 2007) module since it gives me opportunity to tell Drupal where to send user login- and profile-stuff. Basically that solved my problem, where user login-data is sent unprotected through internet. BUT since mys ssl-site and regular site addresses are not the same, newer version of Secure Login is not working for me anymore.
This is what I have:
Two sites with shared user- and profile-tables etc. Both sites login-cookie is sent to "domain.com" -address (setup in drupal_folder/sites/www.domain.com/settings.php and drupal_folder/sites/ssl.domain.com/settings.php):
http://www.domain.com and
https://ssl.domain com
When user is logging in www.domain.com -site, login-form is sent to ssl.domain.com-site. User gets logged in, site puts domain.com -cookie into browser and user is free to go there and forth between both sites.
Features I'd love to have in Secure Login:
a) to be able to tell Drupal installation where to send user-data forms (not just throught https-protocol)
--> this would be a kind of rollback to previous version???
b) to be able to redirect users logged in throud Secure Login -forwarded form back to where they were before using login-form
1. user is in www.domain.com/page_of_importance, and he/she wants to log in
2. user clicks login-linki and gets to www.domain.com/user
3. form sends stuff to ssl.domain.com/user
4. login success leads to logged in user AND (immediately?) redirect to www.domain.com/page_of_importance
I'm not sure if this is possible at all, since AFAIK not all users give realiable http-referer -data (and it may be empty anyway).
Comments
#1
(a) I've re-implemented secure base URL. As for (b), I don't think this is something that should be handled by Secure login, since it's not related to, well, secure login.
#2
Thanks avf!