Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.This project is not covered by Drupal’s security advisory policy.
#D7CX: This functionality is in Drupal 7 core so this module will not be ported. Please stay tuned for the securepages port.
This is an add-on to the Secure Pages module that will prevent hijacked sessions from accessing SSL pages, yet still allow users to stay logged in when browsing non-SSL pages.
The login form is also secured, both on the user page and the login block.
This module is recommended for most securepages users. (One possible exception is if you have set session.cookie_secure, and you have "Switch back to http" disabled in the securepages settings.)
Please do consider carefully the inherent limitations of mixed HTTP / HTTPS sessions. For an analysis of various approaches to using SSL, see this article on crackingdrupal.com.
Project information
Maintenance fixes only
Considered feature-complete by its maintainers.- Module categories: Administration Tools, Security
57 sites report using this module- Created by grendzy on , updated
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.
