Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Auth SSL Redirect works well when serving pages from Drupal's page cache, but there are other scenarios where hook_boot is never called and authenticated users are served an anonymous cached http:// page. One example is when Varnish is being used as a reverse proxy and the Secure Login module is enabled, which does not use mixed mode SSL so a SESS cookie is never created.
The Varnish VCL (or similar) could certainly be modified to look for the AUTHSSL=1 cookie, but it might be ideal to add a js redirect to the module to provide more of a catch all solution.
Comments
Comment #1
gg4 CreditAttribution: gg4 commentedComment #2
gg4 CreditAttribution: gg4 commented