XF 1.5 HTTP vs HTTPS Login Expiration

PhoGro

Member
Recently upgraded my site from HTTP to HTTPS and things are working smoothly except for the simple issue that logins are not being consistently remembered. Even when the "remember be" check box is ticked some members are logged out upon subsequent visits to the site.

One idea I had is that there's a disconnect between HTTP and HTTPS versions of the site. If someone has a bookmark of the HTTP version of the site would the cookie be lost? I currently am not forcing HTTPS redirects, but all links within the site point to HTTPS versions so once you land there you'll be redirected to HTTPS on a subsequent page load.

Thanks for any advice!
 

Brogan

XenForo moderator
Staff member
If someone has a bookmark of the HTTP version of the site would the cookie be lost? I currently am not forcing HTTPS redirects
This is likely the issue.

You should ensure that it is forced to HTTPS in the .htaccess file:
Code:
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
Top