Forum OpenACS Development: Return URL checking on login breaks when switching from HTTPS to HTTP

If you are visiting an HTTP page, and try to do someting that redirects to login, say, edit a wiki page, and the login page requires HTTPS, the return_url will be http://yoursite/wiki since the code "knows" you are going back to http after you login.

So this check http://cvs.openacs.org/cvs/openacs-4/packages/acs-subsite/lib/login.tcl?r1=1.26&r2=1.26.2.1
needs to be a little more clever I think and allow http://thissite and https://thissite to be passed in the return url.

Comments?

I changed the check to this:

    if {[util_complete_url_p $return_url] && ![regexp "^[ad_url]" $return_url]} {

And that works if your register page is HTTPS and you redirect to HTTP. That should cover almost every case. I can't imagine you would have an HTTP login page, but redirect to HTTPS.

Is this reasonable? It checks if the redirect matches the system url as specified in the acs-kernel parameters.