JJ, It's an http:// request - the access denied is coming from Drupal. Drupal is creating a session for the login. I found a 'fix' on the drupal forum which involved clearing all private data, (cookies, cache, etc). When I did this Drupal allowed the login and presented the correct page. This problem seems to be mainly FF related though other users report it on IE and it goes back through various versions of Drupal and browsers. There doesn't seem to be any explanation of the cause of the issue, or a satisfactory resolution. So I'm a little confused if this is a Drupal or browser problem - I tend to opt for a Drupal issue as I haven't seen this kind of problem anywhere else. Which makes me not want to use Drupal, if users are going to hit this problem. However, thanks for the explanation of the FF https issue - I wasn't aware of this. Regards Simon Simon MacDonald www.lemonslicedesign.com -----Original Message----- From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Jeffrey Joslin Sent: 20 August 2008 21:23 To: thelist at lists.evolt.org Subject: Re: [thelist] Drupal/Firefox Access issue Simon MacDonald wrote: ... > I've just put up a test install of Drupal v6.3 (installed using Fantastico > on my ISP web space). Access is fine using IE and Safari, but with Firefox > 3, I login as admin and get access denied. It just occurred to me that this sounds an awful lot like it may be related to the controversial issue of how Firefox 3.0 now handles self-signed certificates. So, are you attempting to log in via a secure (https:// ) link, via your own self-signed certificate (instead of a paid, cert-authority chained certificate)? If you have been attempting to connect via a secure (https:// ) connection, have you tried connecting directly to the site in the usual http://site.com format? Background: The new Firefox 3 immediately and automatically rejects attempts to connect to servers with self-signed certificates and immediately dumps the user to a scary looking "access denied" security warning screen similar to what you mention. The other major browsers (such as IE and Safari), on the other hand, simply ask the user if they'd like to accept the self-signed certificate being offered to complete the connection, easy as clicking an "ok" button when prompted. This has caused a major controversy out there with many calling this default rejection by Firefox 3 a browser-based violation of net neutrality concepts, forcing hosts to pay for expensive chained certificates just to avoid outright rejection and scary security messages displayed to users. It is possible for the user to go back and manually add a security exception for each self-signed certificate one encounters in Firefox 3 once reaching the site has failed and one had arrived at the security warning / access failure screen. But first of all the user has to understand that is an option (and that it's their browser that is failing, not the server/host in question...). From there it is a user-initiated series of two or three steps to manually load the certificate in question and add it in as an exception, each step of which provides potential points of intimidation and/or user drop-off. So back to the question above...is this happening to you via https:// connections, or via *all* connections attempted, even as just plain http://... ? Curious. jj -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt !