XF 1.3 SSL Questions, Keeping users logged in & auto fill in password?

Discussion in 'XenForo Questions and Support' started by surfsup, Aug 13, 2014.

  1. surfsup

    surfsup Well-Known Member

    1. We just switched our forum over to use SSL and we set up the 301 redirects. My question is how can our members, including myself, 'stay' logged in over a period of time? For instance, if I visit xenforo here and close my laptop, then open it back up and visit xenforo, I am still logged in. But if

    2. When visiting the website in https, members have to put in their password every single time; neither auto-fill nor save password is available. Any recommendations?

    thanks
     
  2. Liam W

    Liam W Well-Known Member

    1. Make sure the remember me box has been checked...
    2. That's a browser issue.
     
    surfsup likes this.
  3. surfsup

    surfsup Well-Known Member

    Yes, that is all correct, but people are also clicking on internal links and it's logging them out as they are http not https, but we have set up a 301 redirect for all http links... We are a big board and a ton of people are texting+calling me plus posting issues on the forum.
     
  4. surfsup

    surfsup Well-Known Member

    It's like every 10 minutes I get logged out of the forum.
     
  5. melbo

    melbo Well-Known Member

    If it's the link in your sig, it's not forcing SSL which will cause issues.

    Try this in your htaccess or conf
    Code:
    # Force non-ssl and non www to https
    RewriteCond %{SERVER_PORT} 80 [OR]
    RewriteCond %{HTTP_HOST} !^www\.truckmountforums\.com$
    RewriteRule ^(.*)$ https://www.truckmountforums.com/$1 [R=301,L]
    I'm also seeing mixed content warnings on your site.
     
    Last edited: Aug 14, 2014
  6. surfsup

    surfsup Well-Known Member

    another member said this:

    I keep getting logged out on my phone browser as well, just checked and it did it again. The last time there was an update to the format of the site it made it so it takes at least 5 minutes for me to log in on my phone browser.
     
  7. surfsup

    surfsup Well-Known Member

    what should it be in htaccess then?
     
  8. melbo

    melbo Well-Known Member

    That code should work fine in .htaccess
    It will force all requests (with a 301) to https

    Without it, your site is available via both http and https, which causes cookie issues. Also, make sure you are using link and image proxy to get rid of the mixed content warnings. The setting is in your ACP.

    If you were asking 'where' in .htaccess:
    Code:
    # Mod_security can interfere with uploading of content such as attachments. If you
    # cannot attach files, remove the "#" from the lines below.
    <IfModule mod_security.c>
        SecFilterEngine Off
        SecFilterScanPOST Off
    </IfModule>
    
    ErrorDocument 401 default
    ErrorDocument 403 default
    ErrorDocument 404 default
    ErrorDocument 500 default
    
    RewriteEngine on
    # RewriteBase /
    
    # Force non-ssl and non www to https
    RewriteCond %{SERVER_PORT} 80 [OR]
    RewriteCond %{HTTP_HOST} !^www\.YOUR_DOMAIN\.com$
    RewriteRule ^(.*)$ https://www.YOUR_DOMAIN.com/$1 [R=301,L]
    
    # vbSEO to XF rewrites
    RewriteRule [^/]+/([\d]+)-.+.html /forum/showthread.php?t=$1 [NC,L]
    RewriteRule [^/]+/([\d]+)-.+-([\d]+).html /forum/showthread.php?t=$1&page=$2 [NC,L]
    
    # XF Friendly URLs
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
     
    Last edited: Aug 14, 2014
  9. surfsup

    surfsup Well-Known Member

    This is what our htaccess looks like currently;
    Code:
    #    Mod_security can interfere with uploading of content such as attachments. If you
    #    cannot attach files, remove the "#" from the lines below.
    #<IfModule mod_security.c>
    #    SecFilterEngine Off
    #    SecFilterScanPOST Off
    #</IfModule>
    
    ErrorDocument 401 default
    ErrorDocument 403 default
    ErrorDocument 404 default
    ErrorDocument 500 default
    
    
    
    RewriteEngine On
    #https
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,QSA]
    ........
    
    
    # non-www to www
    RewriteCond %{HTTP_HOST} ^truckmountforums.com
    RewriteRule ^(.*)$ https://www.truckmountforums.com/$1 [R=301,L]
    
    
    
    <IfModule mod_rewrite.c>
        RewriteEngine On
    
        #    If you are having problems with the rewrite rules, remove the "#" from the
        #    line that begins "RewriteBase" below. You will also have to change the path
        #    of the rewrite to reflect the path to your XenForo installation.
        RewriteBase /
    
    
    
        #    This line may be needed to enable WebDAV editing with PHP as a CGI.
        #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    
        RewriteCond %{REQUEST_FILENAME} -f [OR]
        RewriteCond %{REQUEST_FILENAME} -l [OR]
        RewriteCond %{REQUEST_FILENAME} -d
        RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml) - [NC,L]
            RewriteRule (robots\.txt)$ robots.php [NC,L]
        RewriteRule ^.*$ index.php [NC,L]
    RewriteRule ^[^/]+/mobile /threads/tmf-mobile-app-free-limited-time.37750/ [R=301,L]
    RewriteRule ^[^/]+/freehandout /resources/free-customer-google-yelp-facebook-review-guide-handout.190/ [R=301,L]
    </IfModule>
     
    Last edited: Aug 14, 2014
  10. melbo

    melbo Well-Known Member

    # Comment these out so you can bring them back if this doesn't work :):
    Code:
    #https
    # RewriteCond %{HTTPS} !=on
    # RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,QSA]
    Code:
    # non-www to www
    # RewriteCond %{HTTP_HOST} ^truckmountforums.com
    # RewriteRule ^(.*)$ https://www.truckmountforums.com/$1 [R=301,L]


    And add this (just above your vbseo rule and below RewriteEngine On) which will take the place of both those directives (force www and force https):
    Code:
    # Force non-ssl and non-www to https
    RewriteCond %{SERVER_PORT} 80 [OR]
    RewriteCond %{HTTP_HOST} !^www\.truckmountforums\.com$
    RewriteRule ^(.*)$ https://www.truckmountforums.com/$1 [R=301,L]
    
     
    Last edited: Aug 14, 2014
    surfsup likes this.
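
A way to check the effect of the combined rule above offline, as an added example that is not part of the original posts: it models the two `RewriteCond` lines and the `RewriteRule`, follows each of the four scheme/host variants to its final URL, and shows whether a login cookie would be sent before and after the redirect. The host `www.example.com` is a placeholder, and the cookie (Secure, host-only, set by the https://www site) is an assumption about how the forum's session cookie is scoped.

```python
import re
from urllib.parse import urlsplit

CANONICAL = "www.example.com"  # placeholder for the forum's canonical host

def redirect_target(url):
    """301 Location produced by the combined rule, or None if served as-is."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    on_port_80 = port == 80                        # RewriteCond %{SERVER_PORT} 80 [OR]
    wrong_host = not re.fullmatch(r"www\.example\.com", u.hostname)  # !^www\.example\.com$
    if not (on_port_80 or wrong_host):
        return None
    query = f"?{u.query}" if u.query else ""       # mod_rewrite keeps the query string
    return f"https://{CANONICAL}{u.path or '/'}{query}"  # RewriteRule ^(.*)$ ... [R=301,L]

def follow(url, max_hops=5):
    """Follow redirects until the request is served; fail on a loop."""
    hops = [url]
    while (nxt := redirect_target(hops[-1])) is not None:
        hops.append(nxt)
        if len(hops) > max_hops:
            raise RuntimeError("redirect loop")
    return hops

def cookie_sent(cookie, url):
    """Browser-side match: Secure needs https; a host-only cookie needs the exact host."""
    u = urlsplit(url)
    if cookie["secure"] and u.scheme != "https":
        return False
    if cookie["domain"] is None:
        return u.hostname == cookie["host"]
    return u.hostname == cookie["domain"] or u.hostname.endswith("." + cookie["domain"])

# Constructed sample: login cookie set by https://www.example.com, Secure, no Domain attribute.
SESSION = {"host": CANONICAL, "domain": None, "secure": True}
VARIANTS = ["http://example.com/threads/1/", "http://www.example.com/threads/1/",
            "https://example.com/threads/1/", "https://www.example.com/threads/1/"]

def report():
    """(requested URL, cookie sent there?, final URL, cookie sent at final URL?)"""
    rows = []
    for url in VARIANTS:
        final = follow(url)[-1]
        rows.append((url, cookie_sent(SESSION, url), final, cookie_sent(SESSION, final)))
    return rows

if __name__ == "__main__":
    for url, before, final, after in report():
        print(f"{url:40} cookie={before!s:5} -> {final} cookie={after}")
```

Only the canonical variant carries the cookie on the first request; the other three look logged out unless the server redirects them, which is the symptom described in the thread.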
  11. melbo

    melbo Well-Known Member

    This is your htaccess with edits made. You'd need to rename :)
    It should work so that all forms of your url resolve to your https://www version
     

    surfsup likes this.
  12. surfsup

    surfsup Well-Known Member

    Big thanks!!! You're more than awesome!! This worked greeeeeat and even when ppl type in the non-http link it still keeps them logged in...awesome stuff!
     
    melbo likes this.
  13. melbo

    melbo Well-Known Member
