Closed (outdated)
Project:
Secure Pages
Version:
6.x-1.8
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
7 Jul 2010 at 02:27 UTC
Updated:
26 Nov 2024 at 10:02 UTC
Jump to comment: Most recent
When going to the user page of a logged in user, I get SSL on the first go. If I then click the "My Account" or the "View" tab again while on this page, it switches back to http://.
-------------------------
X - Switch back to http pages when there are no matches
X - Make secure only the listed pages.
Pages:
node/add*
node/*/edit
user
user/*
user/*/edit
admin
admin/*
cart/checkout
cart/checkout/review
cart/checkout/payment_details/*
cart/checkout/complete
uc_paypal/ipn/*
uc_paypal/wps/*
uc_paypal/wps/complete/*
cgi-bin/webscr
sign-up/co-plaintiff/*
Ignore pages:
*/autocomplete/*
*/ajax/*
Comments
Comment #1
levelos commentedConfirmed that this happens on ANY page. Just clicking on a link a second time toggles between http / https.
Comment #2
augiem commentedI'm not getting this behavior on any page but the user profile page /user as far as I've tested.
I also wanted to add, this doesn't seem to be related to #420712: Front page toggles between HTTP and HTTPS as there are no extra newlines in my configuration.
Comment #3
aw04obee commentedConfirm the behavior that
-IF coming from a page served in https://
-browsing to a page that should be served in https:// only
==> the page is served in http://
-browsing further to pages that should be served in https:// will alternate between http:// and https://
-browsing further to pages that should be served in http:// will be served in http://
I've briefly looked at the module, i am somewhat of a novice when it comes to php but as far as I can tell:
The behavior comes from function securepages_redirect(), specifically:
@153: elseif ($page_match && !securepages_is_secure()) {
@154: securepages_goto(TRUE);
which pages apparently don't pass, if coming from a secured page. By removing !securepages_is_secure() the correct behavior is achieved
Do have to say that I feel a bit weary about removing the test. what it does:
@259 return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? TRUE : FALSE;
is basically testing whether current page is secured. Don't understand why.
Can someone with some more php experience look further into this, perhaps? Anyway, for now easy fix.
Comment #4
aw04obee commentedhttp://drupal.org/node/291666 has some more info on it.
Thought about it for another minute and I really don't see why !securepages_is_secure() ought to be there.
Comment #5
augiem commentedHi,
I tried removing the !securepages_is_secure() @153, but am still seeing the same behavior.
Thanks!
Comment #6
adr_p commentedPlease see http://drupal.org/node/587000#comment-4519010.
Comment #7
astonvictor commentedI'm closing it because the issue was created a long time ago without any further steps.
if you still need it then raise a new one.
thanks