I'm setting up a site where users will register and log in to view content through the built-in users capability of drupal. Currently, if they try to log in using http:// they get access denied - it only works if they use https://. Flushing caches doesn't seem to have any effect here.
My second question is if there's a way to either not have to use https:// at all, or if there's a way to use a real certificate. If I do have to use https:// to authenticate users, I'd prefer not to have the first thing everyone sees be that security warning about an untrusted certificate.
Thanks for your help! site: ideaconnector.mit.edu