XF 1.5 HTTP vs HTTPS Login Expiration

PhoGro

PhoGro

Member
Recently upgraded my site from HTTP to HTTPS and things are working smoothly except for the simple issue that logins are not being consistently remembered. Even when the "remember be" check box is ticked some members are logged out upon subsequent visits to the site.

One idea I had is that there's a disconnect between HTTP and HTTPS versions of the site. If someone has a bookmark of the HTTP version of the site would the cookie be lost? I currently am not forcing HTTPS redirects, but all links within the site point to HTTPS versions so once you land there you'll be redirected to HTTPS on a subsequent page load.

Thanks for any advice!
 
Sort by date Sort by votes
PhoGro said:
If someone has a bookmark of the HTTP version of the site would the cookie be lost? I currently am not forcing HTTPS redirects
Click to expand...
This is likely the issue.

You should ensure that it is forced to HTTPS in the .htaccess file:
Code: 
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

fos
  • Question Question
XF 2.1 http vs. https
Replies
2
Views
398
fos
fos
zagman76
  • Question Question
http vs https cookie issue
Replies
11
Views
2K
rdn
R
Michael
  • Question Question
Cookie Time/Login Expiration
Replies
2
Views
1K
Michael
Michael
Back
Top Bottom