working login with http and https

darkdiver

Member
Hi!
I have forum available on both http and https.
I can't just move forum to the https.
But I see the problem, if some body used https to login to the forum.
He is not logged in for http version of the forum and he even can't login to the http version.
As far as I understood the problem is that
xf_user, xf_session cookies are marked as secure cookies after https login.
How can I configure cookie settings NOT to mark them as secure in https login?
 
I can't just move forum to the https.
Why not?

If you are using HTTPS, you should force the use of it - having the site available via both protocols is not recommended and will cause issues such as those you have mentioned.

If you don't want to force HTTPS, remove it completely.
 
1. Too many embeded content from http resources.
2. Problem with great China firewall and ICP license.
But many users want https. And I have to use both.

In any case I know about problems, and I showed root of the problem and I need a solution.
Except throwing away pure http.
 
Top Bottom