XF 1.2 Facebook Session Closes on Activity

[Motobaka]

Some people that login with Facebook report that they get disconnected when they do something like clicking to see a thread.


They are able to get around it by closing all Facebook sessions. Then when they try to enter since they don’t have a password they ask for a new one and are able to enter by providing their email and the new password.


Is this a known issue? And is there a solution?

 

[Lucas]

Are you sure it's something like clicking a thread and not simply accessing the site without www or vice-versa, since the domain cookie is different? I just tried registering your site through Facebook and seems fine.

For example, your board notice has a link to Liga 883 that uses no www, therefore if I click it I appear logged out and have to go back to the www address. You could implement an .htaccess rewrite or nginx rule to avoid this issue.

RewriteCond %{HTTP_HOST} !^domain\.com$
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

 

[Motobaka]

Thanks for your suggestion. I’m not actually sure if this is because they click something it might very much be what you say. I have a question though. Is this going to affect the rest of the people that are not registered through Facebook? Something like the reverse effect?


Sorry for the noob question but:

Just to make sure that I get your fix right; I just change the domain.com to my real domain right?

 

[Lucas]

That's correct. This might affect those that are currently logging to the forum without the www as they'll be forced to relog, but that's about it, no other issues should arise and should solve people going to the one they're not logged in and experiencing this issue, if it's not something else.

 

[Motobaka]

Thank you very much.

I have done the htacces fix you mentioned; now let’s see how it goes.

 

[Lucas]

Make sure you place it like this:

#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^domain\.com$
    RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo

    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
</IfModule>

 

[Motobaka]

Thanks, just corrected it.