Posted by shanefjordan on November 11, 2010 at 4:58am
5 followers
| Project: | Secure Pages |
| Version: | 6.x-1.8 |
| Component: | Code |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
Issue Summary
I've installed this module and configured it to work with user* as I read in another post to secure the user login page. The issue I'm having is that it does not secure the /user page until I visit "Create New Account" or another secure page. I even tried adding "user" into the list without any wild card, just hoping to get it to work. Any ideas on what to try?
Thanks,
Shane
Comments
#1
Hi, Same problem here.
I have the following in the list
user
user*
user/*
I noticed for me, that the url is actually https, however firefox will say that the page is only partially encrypted.
Thanks,
Josh
#2
Please see http://drupal.org/node/587000#comment-4519010.
#3
I haven't been able to reproduce this - more details are needed.
#4
I've just installed securepages and had the same experience (/user is not secured, but /user/login; /user/register and /user/password are secured). I think I have an idea of what is going on here.
The trouble is the default variable settings for the "securepages_pages" variable differs throughout the code. In the securepages_match() function the /user path is not secured by default; however, on the admin page it appears that /user IS secured by default. So for any user who never clicks the "Save" button on the admin page they will get this odd behaviour.
Here is a patch which makes them all the same.
#5