Steps to recreate:

  1. login with an administrator account
  2. make sure Legal and Secure Site are enabled both in the modules section and their settings pages
  3. create an administrator account for someone
  4. logout
  5. login with the newly-created user (which hasn't logged in yet)

What happens: user can't login, gets the .htaccess screen repeatedly. In Safari, it says the "area" is the settings for "Authentication realm" but with a number attached to the end. Meaning the realm changes on each page load for new users?

Comments

darren oh’s picture

Status: Active » Closed (works as designed)

This is because the Legal module logs users out before presenting them with the terms and conditions. Set your configuration to bypass legal_accept/*. The realm change is necessary to allow Internet Explorer and Opera users to log out.

eidolon night’s picture

Version: 5.x-1.5 » 6.x-2.4

Where do I set this configuration on the latest Secure Site? This still appears to be an issue: http://drupal.org/node/146825

darren oh’s picture

Version: 6.x-2.4 » 5.x-1.5

These instructions do not apply to the Drupal 6 version. The Drupal 6 version lets other modules control access. Configure Secure Site to force authentication on restricted pages.