XF 1.3 SSL Questions, Keeping users logged in & auto fill in password?

surfsup

1. We just switched our forum over to use SSL and we set up the 301 redirects. My question is how can our members, including myself, 'stay' logged in over a period of time? For instance, if I visit xenforo here and close my laptop, then open it back up and visit xenforo, I am still logged in. But if

2. When visiting the website in https, members have to put in their password every single time; neither auto-fill nor save password is available. Any recommendations?

thanks
 
1. Make sure the remember me box has been checked...
2. That's a browser issue.
Yes, that is all correct, but people are also clicking on internal links and it's logging them out as they are http not https, but we have set up a 301 redirect for all http links... we are a big board and a ton of people are texting and calling me, plus posting issues on the forum.
 
If it's the link in your sig, it's not forcing SSL which will cause issues.

Try this in your htaccess or conf
Code:
# Force non-ssl and non www to https
RewriteCond %{SERVER_PORT} 80 [OR]
RewriteCond %{HTTP_HOST} !^www\.truckmountforums\.com$
RewriteRule ^(.*)$ https://www.truckmountforums.com/$1 [R=301,L]

I'm also seeing mixed content warnings on your site.
 
another member said this:

I keep getting logged out on my phone browser as well, just checked and it did it again. The last time there was an update to the format of the site it made it so it takes at least 5 minutes for me to log in on my phone browser.
 
what should it be in htaccess then?
 
That code should work fine in .htaccess
It will force all requests (with a 301) to https

Without it, your site is available via both http and https, which causes cookie issues. Also, make sure you are using link and image proxy to get rid of the mixed content warnings. The setting is in your ACP.

If you were asking 'where' in .htaccess:
Code:
# Mod_security can interfere with uploading of content such as attachments. If you
# cannot attach files, remove the "#" from the lines below.
<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

RewriteEngine on
# RewriteBase /

# Force non-ssl and non www to https
RewriteCond %{SERVER_PORT} 80 [OR]
RewriteCond %{HTTP_HOST} !^www\.YOUR_DOMAIN\.com$
RewriteRule ^(.*)$ https://www.YOUR_DOMAIN.com/$1 [R=301,L]

# vbSEO to XF rewrites
RewriteRule [^/]+/([\d]+)-.+.html /forum/showthread.php?t=$1 [NC,L]
RewriteRule [^/]+/([\d]+)-.+-([\d]+).html /forum/showthread.php?t=$1&page=$2 [NC,L]

# XF Friendly URLs
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
 
This is what our htaccess looks like currently:
Code:
#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default



RewriteEngine On
#https
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,QSA]
........


# non-www to www
RewriteCond %{HTTP_HOST} ^truckmountforums.com
RewriteRule ^(.*)$ https://www.truckmountforums.com/$1 [R=301,L]



<IfModule mod_rewrite.c>
    RewriteEngine On

    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    RewriteBase /



    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml) - [NC,L]
        RewriteRule (robots\.txt)$ robots.php [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
RewriteRule ^[^/]+/mobile /threads/tmf-mobile-app-free-limited-time.37750/ [R=301,L]
RewriteRule ^[^/]+/freehandout /resources/free-customer-google-yelp-facebook-review-guide-handout.190/ [R=301,L]
</IfModule>
 
# Comment these out so you can bring them back if this doesn't work :):
Code:
#https
# RewriteCond %{HTTPS} !=on
# RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,QSA]
Code:
# non-www to www
# RewriteCond %{HTTP_HOST} ^truckmountforums.com
# RewriteRule ^(.*)$ https://www.truckmountforums.com/$1 [R=301,L]



And add this (just above your vbseo rule and below RewriteEngine On) which will take the place of both those directives (force www and force https):
Code:
# Force non-ssl and non-www to https
RewriteCond %{SERVER_PORT} 80 [OR]
RewriteCond %{HTTP_HOST} !^www\.truckmountforums\.com$
RewriteRule ^(.*)$ https://www.truckmountforums.com/$1 [R=301,L]
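
A way to confirm the redirect rule does what the thread asks for, as an added example that is not from any poster in this thread: record the first response for each of the four scheme/host variants of a URL and check that every non-canonical one answers with a single 301 straight to the https://www address. The `audit` function, the `example.com` host and the `SAMPLE` observations are constructed for illustration.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def audit(observations, canonical="https://www.example.com"):
    """Return {url: [issues]} for every URL that breaks the canonical-origin policy.

    observations: {requested_url: (status, location_or_None)}, first response only.
    canonical: the single origin the site should be served from (assumed placeholder).
    """
    canon = urlsplit(canonical)
    problems = {}
    for url, (status, location) in observations.items():
        u = urlsplit(url)
        issues = []
        if (u.scheme, u.netloc.lower()) == (canon.scheme, canon.netloc):
            # The canonical origin itself must serve content, not bounce again.
            if status in REDIRECTS:
                issues.append(f"canonical URL redirects ({status}) to {location}")
        elif status not in REDIRECTS:
            # Content served on a second origin: cookies end up split between origins.
            issues.append(f"answered with {status} instead of redirecting: second origin is live")
        else:
            expected = canonical + (u.path or "/") + (f"?{u.query}" if u.query else "")
            if status != 301:
                issues.append(f"redirect is {status}, not a permanent 301")
            if location != expected:
                issues.append(f"does not reach {expected} in one hop (got {location})")
        if issues:
            problems[url] = issues
    return problems

# Constructed observations (not captured from any real site).
SAMPLE = {
    "http://example.com/threads/a.1/": (302, "https://example.com/threads/a.1/"),
    "http://www.example.com/threads/a.1/": (200, None),
    "https://example.com/threads/a.1/": (301, "https://www.example.com/threads/a.1/"),
    "https://www.example.com/threads/a.1/": (200, None),
}

if __name__ == "__main__":
    for url, issues in audit(SAMPLE).items():
        for issue in issues:
            print(f"{url}: {issue}")
```

The observations can be filled in from the status line and `Location` header that `curl -sI` prints for each variant.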
 