Hello! If you are logged in at two computers, and you will logout in one, the second will cause infinite redirect loop, if module securepages is installed and "redirect back to http" checkbox checked.

I fixed it by adding this code at the end of auth_ssl_redirect_boot() function:

<?php
if (!isset($_SERVER['HTTPS']) && !$user->uid && isset($_COOKIE['AUTHSSL'])) {
....
}
// fix starts here
  elseif(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on' && !$user->uid)
  {
     $domain = _auth_ssl_redirect_cookie_domain();
     // Delete the AUTHSSL cookie.
     setcookie('AUTHSSL', 'deleted', REQUEST_TIME - 3600, '/', $domain, FALSE);
     unset($_COOKIE['AUTHSSL']);
  }
?>

Please commit it.

Comments

ArtActivator.com’s picture

A little update... added check if cookie is set. This code:

<?php
if (!isset($_SERVER['HTTPS']) && !$user->uid && isset($_COOKIE['AUTHSSL'])) {
....
}
// fix starts here
  elseif(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on' && !$user->uid && isset($_COOKIE['AUTHSSL']))
  {
     $domain = _auth_ssl_redirect_cookie_domain();
     // Delete the AUTHSSL cookie.
     setcookie('AUTHSSL', 'deleted', REQUEST_TIME - 3600, '/', $domain, FALSE);
     unset($_COOKIE['AUTHSSL']);
  }
?>