In our setup, users are automatically logged in during their first request (using a cookie). They never log out (there is no logout link or something; this is on an intranet). We also use HTTPS, and there is an Apache rewrite rule to automatically forward HTTP requests to the corresponding HTTPS request.

The problem we ran into, is that Drupal automatically logs you out when it is in maintenance mode. On logout, webserver_auth kicks you back to HTTP, which causes in our setup a redirect loop.

Therefore, we made a patch to make the HTTPS kickout optional. The patch is attached below; it would be great if it could be incorporated in a release soon!

CommentFileSizeAuthor
#1 webserver_auth-534366.patch1.63 KBsvdoord
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

svdoord’s picture

FileSize
1.63 KB
gaards’s picture

Issue summary: View changes
Status: Needs review » Closed (outdated)

Closed because Drupal 6 is no longer supported. If the issue verifiably applies to later versions, please reopen with details and update the version.