When the option "Switch back to http pages when there are no matches" is checked. I get an access denied message on the logout URL. And as a result, the login fields appear as if you have logged out, but the user has not. If you go back a page, or put in another URL, you can see that the user is still logged in.

When this option is not checked, this doe not happen of course.

Comments

sanduhrs’s picture

sanduhrs
he/him
Primary language German
Location 🇪🇺 Heidelberg, Germany, Europe
commented
Version: 6.x-1.7 » 6.x-1.8

I saw that with 1.8, too.
What value do you have for session.cookie-secure ?

kurzweil4’s picture

kurzweil4 commented

Where is that value stored?

butler360’s picture

butler360 commented
Version: 6.x-1.8 » 6.x-1.x-dev

I get this problem, too, with the newer dev version. I also don't know how to check "session.cookie-secure."

Anonymous’s picture

Anonymous (not verified) commented
Assigned: Unassigned »
Status: Active » Closed (fixed)

Couldn't reproduce your problem.

Please reopen if your still experiencing problems and i'll see if i can help.

Best,
Paul Booker

bkosborne’s picture

bkosborne
Primary language English
Location New Jersey, USA
commented
Status: Closed (fixed) » Active

I'm having this problem as well. I'm using 6.18.

I have my own Logout link on the header of my site that only appears when a user is logged in. When they click it, it will log them out - but it brings them to an Access Denied page. I'm also using Hijack prevention module...

grendzy’s picture

grendzy commented
Status: Active » Fixed

I agree with #1 - it sounds like session.cookie_secure has the wrong value. You can check this at /admin/reports/status/php. It should be "off" if you are using securepages_prevent_hijack.

See also http://php.net/manual/en/session.configuration.php

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

jakew’s picture

jakew commented
Status: Closed (fixed) » Active

Same problem, session.cookie_secure = "off". Drupal 6.28, Secure Pages 6.x-1.9, Secure Pages Hijack Prevention 6.x-1.6.

astonvictor’s picture

astonvictor commented
Assigned: » Unassigned
Issue summary: View changes
Status: Active » Closed (outdated)

I'm closing it because the issue was created a long time ago without any further steps.

if you still need it then raise a new one.
thanks