Index: openacs-4/packages/acs-subsite/lib/login.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/lib/login.tcl,v
diff -u -r1.30 -r1.31
--- openacs-4/packages/acs-subsite/lib/login.tcl 6 Sep 2008 04:00:56 -0000 1.30
+++ openacs-4/packages/acs-subsite/lib/login.tcl 7 Sep 2008 04:56:12 -0000 1.31
@@ -67,14 +67,15 @@
 set subsite_url [subsite::get_element -element url]
 set system_name [ad_system_name]
-ns_log Notice "acs_subsite/lib/login.tcl [subsite::get_url -absolute_p 1 -protocol http] [subsite::get_url -absolute_p 1 -protocol https]"
-ns_log Notice "acs_subsite/lib/login.tcl [security::get_secure_location] [security::get_insecure_location]"
-ns_log Notice "acs_subsite/lib/login.tcl [security::get_secure_qualified_url $return_url] [security::get_insecure_qualified_url $return_url]"
-ns_log Notice "acs_subsite/lib/login.tcl [lindex [security::locations] 0] [lindex [security::locations] 1]"
+
 if { [exists_and_not_null return_url] } {
- if {[util_complete_url_p $return_url]
- && ![string match "[lindex [security::locations] 0]/*" $return_url]
- && ![string match "[lindex [security::locations] 1]/*" $return_url]} {
+ set locations_list [security::locations]
+ # there may be as many as 3 valid full urls
+ set external_url [util_complete_url_p $return_url]
+ foreach location $locations_list {
+ set external_url [expr { $external_url && ![string match "$location/*" $return_url] } ]
+ }
+ if { $external_url } {
 ad_returnredirect -message "only urls without a host name are permitted" "."
 ad_script_abort
 }
Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -r1.49 -r1.50
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 6 Sep 2008 04:00:56 -0000 1.49
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 7 Sep 2008 04:56:12 -0000 1.50
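Review bot: The allow-list loop in login.tcl compares with `string match "$location/*" $return_url`, which treats each configured location as a glob pattern rather than literal text, so a `*`, `?`, `[` or backslash in a hostname setting would change which URLs are accepted; a literal prefix test such as `string equal -length [string length "$location/"] "$location/" $return_url` says what is meant. The loop result only matters when `util_complete_url_p` returns true, and that proc is not shown here, so it is worth confirming that it also classifies scheme-relative values (`//host/path`) as complete, since anything it reports as relative is let through unchecked. The comment `# there may be as many as 3 valid full urls` could instead state the rule, e.g. `# reject absolute return_urls that do not start with one of this server's own locations`. The enclosing `if { [exists_and_not_null return_url] }` block closes outside the hunk.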
@@ -1543,9 +1543,9 @@
 }
 ad_proc -public security::locations {} {
- @returns insecure location and secure location as a list.
+ @returns insecure location and secure location (followed possibly by an alternate insecure location) as a list.
- The location consists of protocol://domain:port for website. This proc is ported from ec_insecure_location and ec_secure_location for reliably getting locations
+ The location consists of protocol://domain:port for website. This proc is ported from ec_insecure_location and ec_secure_location for reliably getting locations. If acs-tcl's SuppressHttpPort parameter is true, then the alternate ec_insecure_location without port is appended to the list, since it is a valid alternate.
 } {
 # following from ec_preferred_drivers
@@ -1591,6 +1591,7 @@
 set insecure_port [ns_config -int "ns/server/[ns_info server]/module/$driver" Port 80]
 set insecure_location "http://[ns_config ns/server/[ns_info server]/module/$driver Hostname]"
 if {![empty_string_p $insecure_port] && ($insecure_port != 80)} {
+ set alt_insecure_location $insecure_location
 append insecure_location ":$insecure_port"
 }
@@ -1618,6 +1619,10 @@
 if {![empty_string_p $secure_port] && ($secure_port != 443)} {
 append secure_location ":$secure_port"
 }
+ set locations [list $insecure_location $secure_location]
+ if { [info exists alt_insecure_location] && [parameter::get -parameter SuppressHttpPort -package_id [apm_package_id_from_key acs-tcl]] } {
+ lappend $alt_insecure_location
+ }
 return $locations
 }
\ No newline at end of file
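Review bot: In the last hunk of security-procs.tcl, `lappend $alt_insecure_location` passes the URL as the variable name and supplies no value, so at most a stray variable named after the URL is touched and `locations` is returned unchanged; the line should be `lappend locations $alt_insecure_location`. As written the port-less alternate is never returned even when SuppressHttpPort is true, so the return_url check in login.tcl keeps rejecting URLs on that host: the check fails closed, but the behaviour the new docstring describes is not delivered. `alt_insecure_location` is set in the `@@ -1591` hunk only when the port differs from 80, which the `info exists` guard accounts for. The body of `security::locations` starts outside these hunks.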