Auth SSL Redirect works well when serving pages from Drupal's page cache, but there are other scenarios where hook_boot is never called and authenticated users are served an anonymous cached http:// page. One example is when Varnish is being used as a reverse proxy and the Secure Login module is enabled, which does not use mixed mode SSL so a SESS cookie is never created.

The Varnish VCL (or similar) could certainly be modified to look for the AUTHSSL=1 cookie, but it might be ideal to add a js redirect to the module to provide more of a catch all solution.

Comments

gg4’s picture

Title: Add support for Varnish or non-bootstrapped requests » Add support for Varnish, non-bootstrapped requests, and non-mixed mode SSL
Issue summary: View changes
gg4’s picture

Title: Add support for Varnish, non-bootstrapped requests, and non-mixed mode SSL » Add support for Varnish, non-bootstrapped requests, and non mixed-mode SSL