Posted by grendzy on January 28, 2009 at 8:22pm
#D7CX: This functionality is in Drupal 7 core so this module will not be ported. Please stay tuned for the securepages port.
This is an add-on to the Secure Pages module that will prevent hijacked sessions from accessing SSL pages, yet still allow users to stay logged in when browsing non-SSL pages.
The login form is also secured, both on the user page and the login block.
This module is recommended for most securepages users. (One possible exception is if you have set session.cookie_secure, and you have "Switch back to http" disabled in the securepages settings.)
Please do consider carefully the inherent limitations of mixed HTTP / HTTPS sessions. For an analysis of various approaches to using SSL, see this article on crackingdrupal.com.
Downloads
Recommended releases
Development releases
Project Information
- Maintenance status: Actively maintained
- Development status: Maintenance fixes only
- Module categories: Administration, Security, Utility
- Reported installs: 4119 sites currently report using this module. View usage statistics.
- Automated tests: Enabled
- Last modified: March 19, 2011
