When going to the user page of a logged in user, I get SSL on the first go. If I then click the "My Account" or the "View" tab again while on this page, it switches back to http://.

-------------------------

X - Switch back to http pages when there are no matches
X - Make secure only the listed pages.

Pages:
node/add*
node/*/edit
user
user/*
user/*/edit
admin
admin/*
cart/checkout
cart/checkout/review
cart/checkout/payment_details/*
cart/checkout/complete
uc_paypal/ipn/*
uc_paypal/wps/*
uc_paypal/wps/complete/*
cgi-bin/webscr
sign-up/co-plaintiff/*

Ignore pages:
*/autocomplete/*
*/ajax/*

Comments

levelos’s picture

Confirmed that this happens on ANY page. Just clicking on a link a second time toggles between http / https.

augiem’s picture

I'm not getting this behavior on any page but the user profile page /user as far as I've tested.

I also wanted to add, this doesn't seem to be related to #420712: Front page toggles between HTTP and HTTPS as there are no extra newlines in my configuration.

aw04obee’s picture

Confirm the behavior that
-IF coming from a page served in https://
-browsing to a page that should be served in https:// only
==> the page is served in http://

-browsing further to pages that should be served in https:// will alternate between http:// and https://
-browsing further to pages that should be served in http:// will be served in http://

I've briefly looked at the module, i am somewhat of a novice when it comes to php but as far as I can tell:

The behavior comes from function securepages_redirect(), specifically:

@153: elseif ($page_match && !securepages_is_secure()) {
@154: securepages_goto(TRUE);

which pages apparently don't pass, if coming from a secured page. By removing !securepages_is_secure() the correct behavior is achieved

Do have to say that I feel a bit weary about removing the test. what it does:

@259 return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? TRUE : FALSE;

is basically testing whether current page is secured. Don't understand why.

Can someone with some more php experience look further into this, perhaps? Anyway, for now easy fix.

aw04obee’s picture

http://drupal.org/node/291666 has some more info on it.

Thought about it for another minute and I really don't see why !securepages_is_secure() ought to be there.

augiem’s picture

Hi,

I tried removing the !securepages_is_secure() @153, but am still seeing the same behavior.

Thanks!

adr_p’s picture

Status: Active » Needs review
astonvictor’s picture

Issue summary: View changes
Status: Needs review » Closed (outdated)

I'm closing it because the issue was created a long time ago without any further steps.

if you still need it then raise a new one.
thanks