I have Secure Pages and SecurePages Hijack Prevention installed on two different sites. On one, Drupal is installed in the root directory of the domain, and everything works as expected. Login is possible from either the user page or from the login block on the front page. All of the ssl and non-ssl redirections happen correctly.

On the other site, Drupal is installed in a subdirectory; i.e. the Drupal site is accessed as http://domain.com/subdir. For this site, Secure Pages by itself works correctly. However, adding the Hijack Prevention module causes incorrect behavior. Login from the user page still works and is properly redirected. However login from the login block on the front page goes astray. The redirection seems to be going to http://domain.com/subdir/subdir/node/1.... I.e., the subdir name gets included twice in the redirection.

A workaround is to not use the login block, and require all logins be done through the user page.

Comments

stevethompson’s picture

stevethompson commented
Version: 6.x-1.2 » 6.x-1.3

The change to 6.x.1.3 changed the problem, but did not eliminate it. In fact, it made it worse for me. Now the same problem described before is present with the user page login. And I do not have the login block activated for the site. So I am currently locked out.

grendzy’s picture

grendzy commented

The 1.3 release was to fix a different issue -- would you be willing to test the Mar. 06 dev release? I committed another change that *should* work for sites installed in subdirectories. Thanks!

stevethompson’s picture

stevethompson commented
Version: 6.x-1.3 » 6.x-1.x-dev

Silly me to assume mine was your only reason to release an update...

The March 6 dev release works fine for my case. I will use it for now and look for the update release that really includes this fix. Thank you very much.

grendzy’s picture

grendzy commented
Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.