Make automatic https kickout on logout optional
svdoord - July 29, 2009 - 12:12
| Project: | Webserver authentication |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
Description
In our setup, users are automatically logged in during their first request (using a cookie). They never log out (there is no logout link or something; this is on an intranet). We also use HTTPS, and there is an Apache rewrite rule to automatically forward HTTP requests to the corresponding HTTPS request.
The problem we ran into, is that Drupal automatically logs you out when it is in maintenance mode. On logout, webserver_auth kicks you back to HTTP, which causes in our setup a redirect loop.
Therefore, we made a patch to make the HTTPS kickout optional. The patch is attached below; it would be great if it could be incorporated in a release soon!
#1