Post installation

Hi, yes i've searched and read through the previous topics on browser-caching issues but they don't solve my specific issue.. as they mention modifying the .htaccess but mine already has that fix inside it, but the problem is still there.

I'm using Opera 8.5 on Ubuntu Linux 5.04..
Drupal install is 4.6.3 installed using Fantastico

I don't get stale pages on login or logout, but do everywhere else. Particularly annoying considering the forum is a vital part of my drupal install.

Hi ppl, i struggled a lot and then thought its better i seek help from all you guys.

Basically i want to pass on the node title to the Chitika javascript, to show relevant ads to the visitor.

i saw in page.tpl.php, the title as
<?php print $title ?>

and i want this title variable to be used here
ch_query = "title";

in the javascript.

I tried putting it as it easy with PHP tags, without php tags, just $title, but nothing seems to work.

Setting up some profile fields was no problem, and I understand how to link to a user's profile for display. But how can I use a profile field value within a block? For example I'd like to have a "Welcome $profile_first_name" block for logged-in users. I understand how to use the $user global object in my block to display content for a logged-in user only, but when I print_r($user) it shows none of the profile fields. So how do I access those values?

I'd like my aggregators to drop all items after say 100 to 150. Right now, I can do it manually by clicking "remove items" under aggregator in the menu. Is there anyway to get it to do this automatically when cron is run?

All,

I've seen several threads talking about SSL encryption for Drupal logins, but haven't found one outlining a complete and viable solution. I can't say that I've got a silver bullet for SSL logins (far from it), but I think I've got it working on my system. I'd like to share my setup in hopes that other people might derive related solutions. Of course, I'd also like feedback: I've been using Linux and Apache for less than a year, Drupal for only a few months, and I'm not even confident that I've actually implemented secure logins. I'd greatly appreciate any sanity checks, suggestions, criticisms, or best practices that people want to offer.

This gist of my approach uses mod_rewrite to redirect users into secure "https://" pages when they're submitting sensitive information, and automatically bring them back to plain "http://" pages when they resume less critical activities. This involves the normal Apache tricks, plus (at least in my case) running parallel http and https Drupal sites from a common codebase and database, and also moving Drupal's clean url rules out of the default .htaccess file.

With that said, I have taken the time to compose a "formal-ish" write up of my setup. If this works for people, I can keep updating it as I learn more, as Drupal changes, etc. Here we go...

1) Goals

• I wanted SSL encryption for transactions involving logins, passwords, and personal information; I did not want to host the entire site in an encrypted (https) space
• In addition to logins, I wanted a solution that encrypted administrative pages where logins and passwords can be set or changed.
• I wanted the solution to work with multisite Drupal installations (specifically unique sites with unique hostnames and databases)
• I wanted the solution to work with and without Drupal's clean URLs

2) Assumptions

• Apache is up and running with mod_ssl and mod_rewrite installed, enabled, and configured
• Apache is listening for traffic on both http and https ports (usually 80 and 443; different in my case, described below)
• You have write access to Apache's httpd.conf (I'm self-hosting; I can't speak to hosted situations)

3) Complications
Half the machinations that follow wouldn't be necessary--or would be greatly simplified--if I had unrestricted inbound traffic to my server. As it is...

• My ISP blocks incoming traffic to port 80, so:
  • Normal http traffic (port 80) is redirected through dyndns.org and arrives to my server as "http://myhostname.dyn.mydomain.com:8080"
    • This could just as easily be "http://myhostname2.mydomain.com:81" or something else entirely; the point is simply that I'm stuck with the visible ":[port]"
  • Encrypted https traffic (port 443) is not blocked and thus not redirected; it arrives to my server as "https://myhostname.dyn.mydomain.com"
    • Note that the visible ":[port]" isn't required here: the server expects--and can get--incoming traffic on the default https port

4) Test Setup

• Ubuntu Linux 5.10
• Apache 2.0.54
• Drupal 4.6.3
• Drupal codebase directory: /var/www/drupal/
• Site 1, http base url: http://firsthost.dyn.mydomain.com:8080
• Site 1, https base url: https://firsthost.dyn.mydomain.com
• Site 2, http base url: http://secondhost.dyn.mydomain.com:8080
• Site 2, https base url: https://secondhost.dyn.mydomain.com

5) Drupal Configuration

It has dawned on me serveral times, and I can't quite seem to figure it out - but when using a trailer/teaser it usually ends at a sentence and often ends at a paragraph which does not intuitively let the reader know that there is more.

For example if a teaser cut off at the end of that sentence, you might not know there was more (except you know i'm asking a question) where as....

if i end the sentence like that, you know you haven't gotten everything.