Https does not switch back to http properly

savvypatachonica - April 1, 2009 - 09:40
Project: Secure Pages
Version: 6.x-1.8
Component: Code
Category: support request
Priority: normal
Assigned: Unassigned
Status: needs review
Description

If "Switch back to http pages when there are no matches" is checked, it not only does not ever switch back to http automatically but form submissions from secured pages are sent on an unsecured connection. Ack!

Is there a fix for this behavior? I really don't want to encrypt every page of my site.

If "Switch back to http..." is not checked, all pages remain https as expected.

#1

biocomp.pat - April 7, 2009 - 22:02

I'm having the same issue, and I'm sure the warning that pops up when submitting any form is worrying to my users. Are we the only ones with the problem???

Mind if I ask why you have installed for modules?

Here's a copy of my available updates list (quickest way to copy-paste)

Drupal core
Drupal 6.10

Modules
Administration menu 6.x-3.x-dev (2009-Apr-04)
Advanced help 6.x-1.2
Auto Assign Role 6.x-1.0-beta3
Ubercart 6.x-2.0-beta5
CAPTCHA 6.x-1.0-rc2
Charts 6.x-1.0-alpha5
Checkbox Validate 6.x-1.1
Content Construction Kit (CCK) 6.x-2.2
Date 6.x-2.1
Devel 6.x-1.15
FCKeditor - WYSIWYG HTML editor 6.x-2.0-beta1
FileField 6.x-3.0-rc1
Format Number API 6.x-1.4
Formatted Number CCK 6.x-1.1
ImageAPI 6.x-1.5
ImageCache 6.x-2.0-beta8
ImageField 6.x-3.0-rc1
Imagefield Crop 6.x-1.0-beta3
Legal 6.x-2.2-beta4
LoginToboggan 6.x-1.4
Mass Contact 6.x-1.0-beta2
Quiz 6.x-2.1
Open Flash Chart API 6.x-2.10
Profile Plus 6.x-1.1
Rules 6.x-1.0-beta5
Secure Pages 6.x-1.7
Thickbox 6.x-1.2
Token 6.x-1.11
User Read-Only 6.x-1.0
User Protect 6.x-1.2
Views 6.x-2.3

Themes
Acquia Marina 6.x-1.5

#2

biocomp.pat - April 8, 2009 - 13:41

Note, this also causes problems with admin menu module, as it often doesn't appear on the https pages that should be http...

#3

markDrupal - April 14, 2009 - 18:33

I just turned this module on and noticed the same issue, as if that checkbox does nothing. I also have the "Secure Pages Prevent Hijack" module.

#4

rsvirani - May 12, 2009 - 21:41

I am experiencing the same issue.

#5

amariotti - May 27, 2009 - 20:35
Version: 6.x-1.7 » 6.x-1.8

Me too! Even on 1.8.

#6

biocomp.pat - May 29, 2009 - 15:48

Cool. Seeing any overlap in our modules? It doesn't seem this is affecting everyone...

#7

markDrupal - May 29, 2009 - 15:55

Here is my overlap in modules
=====================

Content Construction Kit (CCK)
Date
Devel
FileField
ImageAPI
ImageCache
ImageField
Secure Pages
Token
Views

#8

amariotti - June 1, 2009 - 16:14

Administration menu 6.x-3.x-dev (2009-Apr-04)
CAPTCHA 6.x-1.0-rc2
Content Construction Kit (CCK) 6.x-2.2
Date 6.x-2.1
FCKeditor - WYSIWYG HTML editor 6.x-2.0-beta1
FileField 6.x-3.0-rc1
ImageAPI 6.x-1.5
ImageCache 6.x-2.0-beta8
ImageField 6.x-3.0-rc1
LoginToboggan 6.x-1.4
Rules 6.x-1.0-beta5
Secure Pages 6.x-1.7
Token 6.x-dev
Views 6.x-2.3

(Not 100% on the versions of these modules. Just copied and pasted from the post above and removed the ones I know I don't have.)

#9

biocomp.pat - June 1, 2009 - 19:31

OK, so firstly it's probably a matter of disabling each one temporarily and seeing whether the problem corrects itself. I'm a little busy now, but I'll let you guys know if I have any luck when I get around to it!

#10

ptwob132 - June 11, 2009 - 08:34

I don't know if this helps, but I had the same thing happen, however I was able to get it resolved, my story is as follows...

1) I enabled Secure Pages and selected "Switch back to http pages when there are no matches", everything worked as promised and I was happy.
2) Later I had an issue with my SSL and had to disable Secure Pages until it was resolved.
3) When I re-enabled Secure Pages, I began to experience the problem as explained above (it wouldn't switch back to http)
4) I disabled Secure Pages module, and then I uninstalled it using admin/build/modules/uninstall
5) I re-installed the Secure Pages module and enabled "Switch back to http..." and it worked correctly.

My guess is that something gets screwed up when changes are made to configuration after the initial settings are made. Hope this helps you figure it out, fortunately for me my version is working properly. Thanks.

#11

amariotti - June 12, 2009 - 15:51

Since my site is a live site I'm not really sure what I can do as far as disabling random modules like the ones listed above.

I just tried ptwob132's suggestion and things appear to be working. This may've been an Operator's Error on my part because I was just going off of the way it was acting when I was logged in as the admin. When I open a new browser and try to put an s (https) it redirects me to the right one. I'll keep an eye on it.

#12

biocomp.pat - June 17, 2009 - 06:42

oh hey thanks ptwob132! I'm actually done with secure pages until the next annual cycle when I need to accept payment again, but I'll give that a shot! You're a superstar

#13

thatpatguy - June 24, 2009 - 18:07

I experience the same issue when logged in as the admin, but when using the site as an anonymous user or any other type of authenticated user it works fine. So I'm thinking it's an issue specific to User 1. Hope that helps with the debugging.

#14

ezra-g - July 2, 2009 - 17:18

I was having the same issue, also with user 1 and not other authenticated users. Rather than uninstalling and re-installing securepages, I found that clearing the cache resolved the problem for now. Interesting.

#15

carlogen - July 4, 2009 - 11:53

I noticed the same issue.
It works fine as anonymous or authenticated user, but does not switch back when admin.
I have activated the $base_url variable (line 125) in sites/default/settings.php and it seems to fix the problem.

#16

Bartezz - August 6, 2009 - 11:47

Hi,

I'm experiencing the same problems;

- have enabled secured pages
- checked 'switch back to http pages...'
- non-secure base url: http://www.example.com
- secure base url: https://www.example.com
- checked 'Make secure only the listed pages'
- entered NO listed pages
- Ignore pages:
*/autocomplete/*
*/ajax/*

- I've tried disabling Secure Pages module and uninstalling it
- I've tried setting a base_url in settings.php (although I really shouldn't in combination with Domain module)
- tried disabling clean urls, domain module

Still nothing :(

Any ideas?!

#17

Bartezz - August 6, 2009 - 11:54

Found the problem in my setup;

In my case the solution was to enter just A url under the listed pages, a fake one will do.
That solved the entire problem and now it's working fine! Even the admin is redirected from https back to http if the url is not listed!

Cheers

Attachment: justafakeurlwilldo.png (1.25 KB)

#18

Bartezz - August 10, 2009 - 11:50

Sorry for not attaching a proper patch but I reckon my edit needs some tweaking anyway.
In securepages.module in function securepages_match() on line # 237 it says just to return and do zilch.
So if no ignore and no match pages are listed on admin/build/securepages it doesn't do a darn thing, no matter if you checked 'switch back to http....'
That's why my temp hack above worked.

EDITED: SEE NEXT POST

I think the code should be changed to: return 1-variable_get('securepages_switch', FALSE);

Maybe there's a better syntax but this seems to work and respect the checkbox setting ;)

Cheers

#19

Bartezz - August 10, 2009 - 12:10

Sorry, my prev post was an incomplete solution.
Hereby a patch with the correct change.

The problem in my case was with the function securepages_match().
Basically it says;
if current page matches one in the ignore list then....
if current page matches one in the pages list then...
else return and do nothing...

Well it shouldn't return and do nothing just like that.

If one has checked; Switch back to http pages when there are no matches
Plus has checked; Make secure every page except the listed pages.

What should it do? I think it should switch back to http pages when there are no matches as one has checked!?

But in current situation if one had checked; Switch back to http pages when there are no matches
And checked either; Make secure every page except the listed pages / Make secure only the listed pages
But not entered any urls under 'pages' the module wouldn't switch back at all. It only worked if an url was given (fake one would do as mentioned above).

Anyway, I think I've solved it for my case of not switching back properly. I've (finally found out how and) provided a patch.

Cheers

Attachment: securepages.module.patch (448 bytes)
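
Added illustration, not part of any post in this thread and not the module's code: a simplified PHP model of the branch structure described in #19, run against the settings listed in #16. The function names, the 1/0/NULL return convention, the ignore-branch result, the meaning given to `secure` and the caller's redirect rule are assumptions; only the bare `return;` and the replacement expression come from #18 and #23.

```php
<?php
// Simplified model of the branches described in #19; names here are hypothetical.
// Assumed return convention: 1 = serve over https, 0 = http is fine, NULL = no decision.

function model_match($path, array $cfg, $patched = FALSE) {
  foreach ($cfg['ignore'] as $pattern) {
    if (fnmatch($pattern, $path)) {
      return NULL; // assumption: ignored paths keep the scheme they arrived on
    }
  }
  if ($cfg['pages']) {
    $listed = FALSE;
    foreach ($cfg['pages'] as $pattern) {
      $listed = $listed || fnmatch($pattern, $path);
    }
    // Assumption: 'secure' TRUE = "Make secure only the listed pages",
    // FALSE = "Make secure every page except the listed pages".
    return ($cfg['secure'] == $listed) ? 1 : 0;
  }
  if (!$patched) {
    return NULL; // the bare "return;" reported in #18
  }
  // Replacement expression as quoted in #23.
  return $cfg['secure'] ? 0 : ($cfg['switch'] ? 0 : 1);
}

// Assumed caller: acts only on a definite 1 or 0, so NULL leaves the request alone.
function model_action($match, $is_https, $switch) {
  if ($match === 1 && !$is_https) {
    return 'redirect to https';
  }
  if ($match === 0 && $is_https && $switch) {
    return 'redirect to http';
  }
  return 'stay';
}

// Constructed settings mirroring #16: no listed pages, "switch back" checked.
$cfg = array('secure' => TRUE, 'switch' => TRUE, 'pages' => array(),
             'ignore' => array('*/autocomplete/*', '*/ajax/*'));
$fake = array('pages' => array('justafakeurl')) + $cfg; // workaround from #17

$cases = array('empty list' => array($cfg, FALSE), 'fake url listed' => array($fake, FALSE),
               'empty list, patched' => array($cfg, TRUE));
foreach ($cases as $label => $case) {
  $match = model_match('node/1', $case[0], $case[1]);
  echo $label, ': ', model_action($match, TRUE, $case[0]['switch']), "\n";
}
```

For an https request to `node/1`, only the unpatched empty-list case reports `stay`; the other two report `redirect to http`.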

#20

lgb - August 11, 2009 - 14:26

I'm having a very similar issue. For me, the behavior is occurring on either side of the option "Switch to http when no match is found."

Tried clearing caches. No luck.

I have Secure Pages and Secure Pages Hijack Protection. I have tried disabling, uninstalling, and re-enabling both. No luck.

I have tried running ONLY Secure Pages without HP. Nope.

It is affecting non-user1 users (unlike #13).

I can't set $base_url (as #15 suggests) because it would bork my Domain Access configuration, among other things.

And unlike Bartezz (#17-#19), I have specified certain pages which need HTTPS, and they are populated in Secure Pages configuration. So this patch won't help me, unfortunately.

Drupal core
Drupal 6.13

Module overlap (via #8, versions are mine)
Administration menu 6.x-1.5
CAPTCHA 6.x-1.0-rc2
Content Construction Kit (CCK) 6.x-2.5
Date 6.x-2.3
FileField 6.x-3.1
LoginToboggan 6.x-1.5
Rules 6.x-1.x-dev (10-Aug-2009)
Secure Pages 6.x-1.8
Secure Pages Hijack Protection 6.x-1.5
Token 6.x-1.12
Views 6.x-2.6

The site hasn't gone live yet, at least. This was so much nicer to think about than an .htaccess solution, but I guess that's the next stop. Ugh.

Nonetheless, would be thrilled if anyone finds a clue. Thanks. I will keep trying too.

#21

lgb - August 11, 2009 - 17:35

I may have solved my own problem, though it might only help those running Domain Access.

As a Domain Access user, I have numerous domains running (site1.domain.com, site2.domain.com), but I have set up Ubercart and other such significant items to only utilize the base domain (domain.com). So that is the only one that needs SSL.

The "domain URL scheme" setting [/admin/build/domain/settings] for the base domain needed to be set to HTTPS. It seems that Domain Access may have actually been strong-arming the URL scheme back to HTTP for this base domain until I changed the setting. Then I was able to set specific pages as protected within Secure Pages, and I checked "Switch to http when no match is found" again. Seems to be working!

#22

ezra-g - August 11, 2009 - 17:35
Status: active » needs review

Changing status to needs review since there's a patch at #19.

#23

jusyjim - September 27, 2009 - 20:34

This is a question in regard to the patch in response # 19 but is specific to drupal 5.x version:

Would the code at line 237 in the 6.x version be replaced at line 239 of the 5.x version?

In other words at line 239, would
return;
be replaced by
return $secure ? 0 : (variable_get('securepages_switch', FALSE) ? 0 : 1);

Thanks.

#24

Bartezz - September 28, 2009 - 17:18

Hey Jusyjim,

Not a 100% sure but I think so. Give it a shot and let us know!

Cheers

#25

Bartezz - October 5, 2009 - 21:33

How about it?

 
 
