Spec URL: http://www.cora.nwra.com/~orion/fedora/drupal-securepages_prevent_hijack.spec SRPM URL: http://www.cora.nwra.com/~orion/fedora/drupal-securepages_prevent_hijack-6.x.1.5-1.fc12.src.rpm Description: This is an add-on to the Secure Pages module that will prevent hijacked sessions from accessing SSL pages, yet still allow users to stay logged in when browsing non-SSL pages. The login form is also secured, both on the user page and the login block. This module is recommended for most securepages users. (One possible exception is if you have set session.cookie_secure, and you have "Switch back to http" disabled in the securepages settings.) Please do consider carefully the inherent limitations of mixed HTTP / HTTPS sessions. For an analysis of various approaches to using SSL, see this[1] article on crackingdrupal.com. [1] - http://crackingdrupal.com/blog/greggles/drupal-and-ssl-multiple-recipes-possible-solutions
After some discussion on the fedora-logistics list, we've come to the conclusion that having the possibility to install multiple concurrent versions of drupal is desirable. The drupal-package is going to be renamed to drupal6 (rename review is pending). Additionally, the guidelines don't allow letters in the version (so no 6.x) - so please rename the package to drupal6-securepages_prevent_hijack-1.5. Once that is done, I'll do the review.
http://www.cora.nwra.com/~orion/fedora/drupal6-securepages_prevent_hijack.spec http://www.cora.nwra.com/~orion/fedora/drupal6-securepages_prevent_hijack-1.5-1.fc14.src.rpm
Please correct the license to GPLv2+, as all modules hosted in Drupal's CVS must be.
Ping? Any progress here? Or we can close this review?
Let's close.