Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.I've installed this module and configured it to work with user* as I read in another post to secure the user login page. The issue I'm having is that it does not secure the /user page until I visit "Create New Account" or another secure page. I even tried adding "user" into the list without any wild card, just hoping to get it to work. Any ideas on what to try?
Thanks,
Shane
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | 65632-4-securepages-user_page_isnt_secure.patch | 599 bytes | James Andres |
Comments
Comment #1
izzysanime commentedHi, Same problem here.
I have the following in the list
user
user*
user/*
I noticed for me, that the url is actually https, however firefox will say that the page is only partially encrypted.
Thanks,
Josh
Comment #2
adr_p commentedPlease see http://drupal.org/node/587000#comment-4519010.
Comment #3
grendzy commentedI haven't been able to reproduce this - more details are needed.
Comment #4
James Andres commentedI've just installed securepages and had the same experience (/user is not secured, but /user/login; /user/register and /user/password are secured). I think I have an idea of what is going on here.
The trouble is the default variable settings for the "securepages_pages" variable differs throughout the code. In the securepages_match() function the /user path is not secured by default; however, on the admin page it appears that /user IS secured by default. So for any user who never clicks the "Save" button on the admin page they will get this odd behaviour.
Here is a patch which makes them all the same.
Comment #5
James Andres commentedComment #6
astonvictor commentedI'm closing it because the issue was created a long time ago without any further steps.
if you still need it then raise a new one.
thanks