In the situation that requires a user to be navigating a site using http (eg. putting items in their cart) and then requiring them to navigate to a section of the site that is https (eg. payment for the items), a modification to the module needs to be made. The behaviour that is currently experienced is that the user's session gets closed when the transition from http/https or vice-versa occurs. To make the module see the session as one per user, instead of one per scheme (http/https), change the following:
file: session.singlesignon.inc
function: singlesignon_get_domain
original line is:
return preg_replace('/^www\./', '', $parsed['host']) . ($parsed['scheme'] == 'https' ? ':ssl' : '');
change line to:
return preg_replace('/^www\./', '', $parsed['host']);
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | singlesignon-ssl-persistence.patch | 659 bytes | carlos8f |
Comments
Comment #1
carlos8f commentedI ran into the same problem today. Drupal normally has session persistence across http/https, which makes sense for the majority of sites--I don't understand why singlesignon would create a separate session for SSL (and not give you a choice either). Here's the solution in patch form.
Comment #2
jim kirkpatrick commentedThis is the main issue for me when trying to use Secure Pages - I cannot log in since we only have SSL on login, registration and admin pages and SSO's current implementation is flawed as jeff.cote has proven... Having session changes between http/https contexts causes problems.
The patch and fix works very well and should be committed IMHO. Updating status.
PS... Is this module abandoned? Things are awfully quiet with the maintainers around here...
Comment #3
jim kirkpatrick commentedComment #4
yngens commentedSame issue here. Will the patch be committed or not?