$Id: README.txt,v 1.2 2007/05/23 10:01:28 avf Exp $

Secure Login module README

This module enables secure logins by redirecting the login form to a
different address.  In practice, this address would be an address
through which the same Drupal site is accessible, but via SSL.  The
module can also do the same for the user edit form and the user
registration form, so that passwords are never sent in cleartext.

See INSTALL.txt for instructions on how to install the module.

The module itself only modifies the appropriate forms.  You will
probably want to redirect users back to the insecure site after they
have logged in (changed their password, etc.).  To do this, you need to
set $base_url in settings.php to point to your insecure URL.

In most cases, if your Drupal site lives at http://host/dir/, you will
want the secure site to be accessible via https://host/dir/.  In all
cases, the hostnames must match, since otherwise, the secure host will
set a cookie which will not be sent to the insecure host, which will
break logins.  The directory must also match if you have RewriteBase set
in .htaccess.

You can set which of the three forms (login, user edit, user
registration) are secured by this module in the module settings,
although there will usually be no reason why you would not want all
three to be secured.

