Site not SSL until logged in?

Satix

Member
SOLVED: Make sure the HTTPS redirect is directly underneath RewriteEngine, like so:
Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 
Last edited:
Hi @Satis,

Looks like you just need to setup a redirect for HTTP to HTTPs for those that may have outdated bookmarks (and to ensure users don't get logged out if they try to login to the not HTTP version and vice versa).

When I access your link above it loads HTTPs fine for me.
 
Hi @Satis,

Looks like you just need to setup a redirect for HTTP to HTTPs for those that may have outdated bookmarks (and to ensure users don't get logged out if they try to login to the not HTTP version and vice versa).

When I access your link above it loads HTTPs fine for me.

It should already be set up. I have it set like this in .htaccess: http://i.imgur.com/Zz4Fbsi.png

And I have $_SERVER['HTTPS'] = 'on'; set in config.php. Did I set this up correctly? Unfortunately, it seems to only happen to certain users.

Thank you so much for the response, I really appreciate your time.
 
You shouldn't need to put $_SERVER['HTTPS'] in config.php, unless your server isn't passing the correct header.

I have the following in .htaccess which works for me:
Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 
I'm getting ready to call my host as I'm having the same problem with my users that have it book mark as http vs https

So what is the correct method for fixing the problem.
 
I'm getting ready to call my host as I'm having the same problem with my users that have it book mark as http vs https

So what is the correct method for fixing the problem.
I put this in my .htaccess file. Do note that this will remove the www as well and I don't know how to (or want to) add it back:
Code:
    RewriteEngine On

    # match any URL with www and rewrite it to https without the www
    RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
    RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]

    # match urls that are non https (without the www)
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} !^(www\.)(.*) [NC]
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This fixed it for me.
 
Code:
    RewriteEngine On

    # match any URL with www and rewrite it to https without the www
    RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
    RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]

    # match urls that are non https (without the www)
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} !^(www\.)(.*) [NC]
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

So your saying the above code work for you?
 
Code:
    RewriteEngine On

    # match any URL with www and rewrite it to https without the www
    RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
    RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]

    # match urls that are non https (without the www)
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} !^(www\.)(.*) [NC]
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

So your saying the above code work for you?
Yes.
 
Ok, thanks very much. We change over to https from http and it was causing major problems with my members who had bookmark the page or there cookie need to deleted. We turn off the https and went back to http because 30% of the members couldn't get login or find the site.
 
Back
Top Bottom