Posted by agentrickard on February 12, 2009 at 5:09pm
3 followers
Jump to:
| Project: | Secure Pages Hijack Prevention |
| Version: | 6.x-1.1 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
The module will not install correctly, nor will it allow you to login because of the following logic errors:
function securepages_prevent_hijack_enable() {
if (variable_get('securepages_enable', FALSE) && variable_get('securepages_prevent_hijack', FALSE)) {
_securepages_prevent_hijack_cookie();
}
}Setting the variable default to FALSE here means the cookie is never set, causing the admin to be immediately logged out.
/**
* Implementation of hook_user().
*/
function securepages_prevent_hijack_user($op, &$edit, &$user, $category = NULL) {
switch ($op) {
case 'login':
if (variable_get('securepages_prevent_hijack', FALSE)) {
if (! isset($_SERVER['HTTPS'])) {Same here.
Now, I realize while typing that I can correct this behavior by adding:
$conf['securepages_prevent_hijack'] = TRUE;To settings.php, except that the documentation NEVER mentions this little fact.
Comments
#1
oof. That is bad. The variable_get was leftover from a previous version.
Can you try the latest dev release and report back?
Thanks!
#2
Just changing that should be fine. When I hardcode the change into $conf, it works as expected.
#3
#4
Automatically closed -- issue fixed for 2 weeks with no activity.