1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

http vs https cookie issue

Discussion in 'Troubleshooting and Problems' started by zagman76, Oct 19, 2012.

  1. zagman76

    zagman76 Member

    Hello - I apologize if this has been reported/addressed - I did not see it here.

    I am having a problem on my forum where people keep getting logged out if their entry/login URL is different than what I have set in the Admin CP. I have a few different versions of the domain (.com, .net, .org), but only have the .com set in the CP. Now, the technically different domains aside, I also offer SSL on the .com version of the site.

    If you enter/login via the SSL URL, and then click on the 'Home' link (or other links it seems), you are immediately dropped out to the non-ssl version, and are logged out.

    Any assistance would be appreciated, and please let me know if you need any additional info from me.
     
  2. bubbl3

    bubbl3 Active Member

    I guess this is the normal behaviour, it worked like this for me in vb 3.8 too.

    I have multiple domains, http and https, what i suggest you to do is to put in place some rewrite rules to force everybody on a single domain and https.
     
  3. zagman76

    zagman76 Member

    When I was using vB, I never had this issue - vB always seemed to make the links relative to the entry URI. Unfortunately I can't force SSL because my ads don't show when I do that.
     
  4. bubbl3

    bubbl3 Active Member

    Yes it is true vb made the links relative, but not the home link if for example you had http instead of https defined as default, also if someone linked another domain or protocol you would have the problem too.

    You can resolve the multi domain with rewrites, any idea why the ads don't show with https?
     
  5. zagman76

    zagman76 Member

    That's true - I originally was doing both, and forcing the SSL version.

    The users are prompted by their browsers with a SSL error because of the mixed content. If they don't allow the mixed content, they won't see the ads. :(
     
  6. bubbl3

    bubbl3 Active Member

    I guess you are using google adsense then, for some reason they think is better for you to not show ads than your users getting a warning they are leaving a secure page when they click the ads. I find it unbelievable that google hasn't addressed this issue yet, SSL is widely used now :(

    http://support.google.com/adsense/bin/answer.py?hl=en&answer=10528
     
  7. zagman76

    zagman76 Member

    Yes - that is correct! And with everything else that Google slaps a cert on, I'm surprised they haven't figured out a way to do it on the adsense content.
     
  8. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    bubbl3 likes this.
  9. bubbl3

    bubbl3 Active Member

    Just in case you use nginx or someone that does finds this thread, this is an example configuration to both force https and www:
    Code:
    server {
    listen xxx.xxx.xxx.xxx:80;
    server_name yourdomain.com www.yourdomain.com;
    rewrite ^ https://www.yourdomain.com$request_uri? permanent;
    }
     
    server {
          listen xxx.xxx.xxx.xxx:443 ssl;
     
          ssl_certificate /path/yourdomain.crt.pem;
          ssl_certificate_key /path/yourdomain.key.pem;
           
          server_name yourdomain.com;
     
      rewrite ^ https://www.yourdomain.com$request_uri? permanent;
    }
     
    Jake Bunce likes this.
  10. RoldanLT

    RoldanLT Well-Known Member

  11. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Just one after the other, in either order:

    Code:
    #	Mod_security can interfere with uploading of content such as attachments. If you
    #	cannot attach files, remove the "#" from the lines below.
    #<IfModule mod_security.c>
    #	SecFilterEngine Off
    #	SecFilterScanPOST Off
    #</IfModule>
    
    ErrorDocument 401 default
    ErrorDocument 403 default
    ErrorDocument 404 default
    ErrorDocument 500 default
    
    <IfModule mod_rewrite.c>
    	RewriteEngine On
    
    	# Force www
    	RewriteCond %{HTTP_HOST} !^www\.yoursite\.com$
    	RewriteRule ^(.*)$ http://www.yoursite.com/forum/$1 [R=301,L]
    
    	# Force https
    	RewriteCond %{SERVER_PORT} 80
    	RewriteRule ^(.*)$ https://www.yoursite.com/forum/$1 [R,L]
    
    	#	If you are having problems with the rewrite rules, remove the "#" from the
    	#	line that begins "RewriteBase" below. You will also have to change the path
    	#	of the rewrite to reflect the path to your XenForo installation.
    	#RewriteBase /xenforo
    
    	#	This line may be needed to enable WebDAV editing with PHP as a CGI.
    	#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    
    	RewriteCond %{REQUEST_FILENAME} -f [OR]
    	RewriteCond %{REQUEST_FILENAME} -l [OR]
    	RewriteCond %{REQUEST_FILENAME} -d
    	RewriteRule ^.*$ - [NC,L]
    	RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    	RewriteRule ^.*$ index.php [NC,L]
    </IfModule>
    
     
    Evina likes this.
  12. RoldanLT

    RoldanLT Well-Known Member

    Why is Google adsense not loaded with https: https://www.phcorner.net/ ?
     

Share This Page