The 443 Session module makes using HTTPS on your site simple. It is most useful for doing mixed HTTPS where some pages are sent via HTTP, and others via HTTPS. It can be used to protect credit card transactions or to protect against session hijacking (via tools such as Firesheep).
It also provides an API for designating if a page should be transmitted via HTTP or HTTPS.
How is this different from...
Setting up rewrite rules in .htaccess
While in theory it is possible to do this, it turns out to be very complicated once you consider things like login forms, canonical URLs, and AJAX. Nor is this method very robust - if $base_path changes, or if a login-block is added to a new page suddenly your site is no longer secure without any indication or warning.
Secure Pages module
In Drupal 6 Secure Pages module can only redirect users based on the URL path. This means that it cannot protect against session hijacking. You can use Secure Pages to protect URLs such as user* and admin* however this only gives the impression of security - it does little to keep data on these pages actually secure since any man-in-the-middle will have your PHP session cookie. Secure Pages is also not compatible with internationalization (i18n).
Secure Login module
Secure Login module cannot redirect authenticated users back to HTTPS if they accidentally visit a page via HTTP. Nor can it enforce a canonical URL for anonymous users. Nor can it be used to protect additional paths (such as a shopping cart). Secure Login only has partial support for internationalization (i18n).
443 Session module combines the best parts from both of the above modules.
Status for Drupal 7
Early on in development there was both a D7 and D6 version. The D6 version was completely rewritten to overcome many of the issues that shared by the above listed modules. Once the D6 version becomes stable it will be fore-ported to D7.
More information about HTTPS
See
Enabling HTTP Secure (HTTPS)
Developed by
Dave Hansen-Lange
Advomatic LLC
http://advomatic.com
Kevin Mathis
http://www.laudr.com
Project Information
- Maintenance status: Actively maintained
- Development status: Under active development
- Module categories: E-commerce, Path Management, Security, User Access & Authentication
- Reported installs: 392 sites currently report using this module. View usage statistics.
- Last modified: September 8, 2011
