Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The attached patch makes Secure Pages able to detect and prevent hijacked sessions from accessing SSL pages. See http://drupal.org/node/65371#comment-123944 for my explanation of how it works and why it is useful.
Comment | File | Size | Author |
---|---|---|---|
#2 | securepages-2006-Nov-13-hijack.patch.txt | 3.93 KB | grendzy |
securepages-hijack.patch | 4.29 KB | bjaspan |
Comments
Comment #1
grendzy CreditAttribution: grendzy commentedHas anyone tested this patch? It sounds like a great addition to securepages. Is it likely to get committed?
Comment #2
grendzy CreditAttribution: grendzy commentedI've just tested this patch out. It worked exactly has advertised for me. I'll describe how I tested it so others can repeat it:
p.s. - I'm attaching a new patch, since the original no longer applies cleanly to the 4.7 release. There are no code changes, it's just the revision number at the top of the file didn't match. I'm also bumping the status up to "ready to be committed" (in my humble opinion).
Comment #3
grendzy CreditAttribution: grendzy commentedautomatically closed - The 4.7 branch is no longer supported. If this issue is present in a currently supported version, please change the version field and re-open. Thanks!