This project is not covered by Drupal’s security advisory policy.

#D7CX: This functionality is in Drupal 7 core so this module will not be ported. Please stay tuned for the securepages port.

This is an add-on to the Secure Pages module that will prevent hijacked sessions from accessing SSL pages, yet still allow users to stay logged in when browsing non-SSL pages.

The login form is also secured, both on the user page and the login block.

This module is recommended for most securepages users. (One possible exception is if you have set session.cookie_secure, and you have "Switch back to http" disabled in the securepages settings.)

Please do consider carefully the inherent limitations of mixed HTTP / HTTPS sessions. For an analysis of various approaches to using SSL, see this article on

Project information