Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Can you please amend the project description "It is recommended for all securepages users."?
IMO it is only recommended for people who want mixed HTTPS/HTTP sessions and do not care about information leaks.
Comments
Comment #1
grendzy CreditAttribution: grendzy commentedIn my experience this is pretty much everyone using securepages, since very few end-users are aware of this issue, and securepages doesn't advise its' users to enable session.cookie_secure (and usually those that do enable it are annoyed when they realize they can't have mixed sessions anymore).
I don't want the project page to be too complicated or technical... But I have updated it. Please mark this issue as "fixed" if you think the new page addresses your concern.
Thanks!
Comment #2
grendzy CreditAttribution: grendzy commented