working login with http and https

darkdiver

darkdiver

Member
Hi!
I have forum available on both http and https.
I can't just move forum to the https.
But I see the problem, if some body used https to login to the forum.
He is not logged in for http version of the forum and he even can't login to the http version.
As far as I understood the problem is that
xf_user, xf_session cookies are marked as secure cookies after https login.
How can I configure cookie settings NOT to mark them as secure in https login?
 
Sort by date Sort by votes
darkdiver said:
I can't just move forum to the https.
Click to expand...
Why not?

If you are using HTTPS, you should force the use of it - having the site available via both protocols is not recommended and will cause issues such as those you have mentioned.

If you don't want to force HTTPS, remove it completely.
 
Upvote 0 Downvote
Brogan said:
Why not?
Click to expand...
1. Too many embeded content from http resources.
2. Problem with great China firewall and ICP license.
But many users want https. And I have to use both.

In any case I know about problems, and I showed root of the problem and I need a solution.
Except throwing away pure http.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

JackieChun
  • Suggestion Suggestion
Lack of interest Use 301 instead of canonical tags for www and https redirects
Replies
0
Views
748
JackieChun
JackieChun
RippC
edit avatar results in browser "cookies required" error and http 400 server response. AWS involved why?
Replies
11
Views
1K
rdn
R
Pavle123
  • Question Question
XF 1.5 Xenforo SSL - I have both HTTP and HTTPS how to force only HTTPS?
Replies
3
Views
1K
TPerry
TPerry
Jawaad
  • Question Question
XF 1.5 How to add new URL variable template for http and https
Replies
5
Views
2K
Jawaad
Jawaad
MarcusG
  • Question Question
XF 2.0 SSL's and redirecting HTTP to HTTPS..
Replies
4
Views
3K
MarcusG
MarcusG
Back
Top Bottom