Thu, 09 Apr 2026 14:48:25 +0000 https://bugs.horde.org/ticket/8528 Sidebar doesn't respect use_ssl setting The user stays on https after logging in. Wed, 26 Aug 2009 10:52:32 +0000 https://bugs.horde.org/ticket/8528#t55546 I don't see this. 1. URL to non-secure page 2. Redirected to non-secure login page, with POST action of secure-login page 3. Process login in horde/login.php. If verified, loads index.php. index.php either redirects to the original URL if given (see #1) or uses initial application settings. All of these initial application URLs are generated via url() or applicationUrl() without the force_ssl override. Mon, 31 Aug 2009 17:53:34 +0000 https://bugs.horde.org/ticket/8528#t55604 See bugs.horde.org. Mon, 31 Aug 2009 22:36:07 +0000 https://bugs.horde.org/ticket/8528#t55610 Changes have been made in CVS for this ticket: http://cvs.horde.org/diff.php/horde/templates/index/frames_index.inc?rt=horde&r1=2.46&r2=2.47&ty=u Mon, 31 Aug 2009 23:27:40 +0000 https://bugs.horde.org/ticket/8528#t55612 This was only partially broken. The sidebar link in the frameset source was not a full URL. But everything in the main window was correctly loading non-securely. Mon, 31 Aug 2009 23:31:45 +0000 https://bugs.horde.org/ticket/8528#t55613 Now I see what the problem is. We no longer redirect after logging in, thus the frameset is loaded over HTTPS (by means of the login form), while the frames are plain HTTP. This should of course not happen, because it makes the user think he is accessing Horde over HTTPS. But it's probably not worth fixing this, when the frameset is going away anyway. Tue, 01 Sep 2009 08:23:04 +0000 https://bugs.horde.org/ticket/8528#t55617