When user's register for a new account the confirmation e-mail that contains the one time login allows them to login via HTTP rather than HTTPS.

Comments

sikjoy’s picture

sikjoy commented
Status: Active » Fixed

Added implementation of hook_mail_alter() to alter links in e-mails generated by the user module to use HTTPS.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.