1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 Error trying to test permissions

Discussion in 'Troubleshooting and Problems' started by Will, Mar 27, 2012.

  1. Will

    Will Active Member

    I get this error when clicking Test Permissions.

    "Please login via the public login page before testing permissions."

    It used to work before but now it doesn't. I don't understand this because I am already logged in.
     
  2. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Are you logged in to the front end? Maybe you are only logged in to the Admin CP.
     
  3. Will

    Will Active Member

    Yes, I am logged in. When I click the Admin CP link and I sign in, it logs me out of the frontend. The Test Permissions page shows up but I actually can't test it because I'm not logged in on the frontend. So when I do log in, it then gives me the error.
     
  4. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Login to the Admin CP, then login to the front end. Then test the permissions.

    Alternatively you can open another browser to login as a separate user and test permissions that way.
     
  5. Will

    Will Active Member

    I found out that it had to do with my .htaccess file. I removed everything that is in there for xF by default and it now works. Any idea why?

    Edit: Nevermind. Seems as it is conflicting with my redirects.
     
  6. Will

    Will Active Member

    Can anyone help me sort out my redirects. I want something like this but I'm no pro at this stuff so I appreciate any tips. Basically I want to use https on admin.php, get rid of the http, and remove https on the frontend. As said in this thread before, it won't allow me to Test Permissions but I believe I had it working before. I recently setup Nginx to serve static content so I don't know if that changed anything. I rather get some input from people that know a little more than me.

    Code:
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} forums/admin.php
    RewriteRule ^(.*)$ https://domain.com/forums/$1 [R,L]
     
    RewriteCond %{HTTPS} on
    RewriteRule ^/?$ http://domain.com/forums/ [R=301,L]
     
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^domain\.com$
    RewriteRule ^(.*)$ http://domain.com/forums/$1 [R=301,L]
     
  7. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    http and https may have different cookie scopes. I came across one proposed solution which is to set your cookie domain. You can set the cookie domain by adding this code to the library/config.php file:

    Code:
    $config['cookie'] = array(
    	'prefix' => 'xf_',
    	'path' => '/',
    	'domain' => 'domain.com'
    );
    
    This solution doesn't seem right to me, but I don't have a secure cert to test this.

    It may also have something to do with the Secure attribute of the cookie:

    http://en.wikipedia.org/wiki/HTTP_cookie#Secure_and_HttpOnly

    In looking at the code I can see that XF enables this attribute when writing cookies over a secure connection. That would limit the scope of the cookie to https. Changing this requires modifying the files.
     

Share This Page