Sometime i result suddenly logged out/in ... why? (http/https)

User avatar
axew3
w3all User
w3all User
Posts: 1875
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Sometime i result suddenly logged out/in ... why? (http/https)

Post by axew3 »

an answer to a topic about the behavior:
"sometime i result suddenly logged out!"

Solution:
If WordPress is setup as https in
WP admin -> General Settings -> WordPress Address (URL))
then also phpBB need to be https, so
in ACP -> Server Configuration -> Server protocol: SET as https:// if your WordPress is https.
Or http:// if not ssl, and WP and phpBB are served under http://


Re-login if necessary.
Done.

more about force http/s:
if you login in phpBB via ssl/https:

Code: Select all

https://www.mysite.com/forum/
than after logged, you point instead to:

Code: Select all

http://www.mysite.com/forum/
so http, not https,
you'll see that you result logged out.
repoint to https: you'll result logged in other time correctly.
Cookies, may are not recognized if released as https and you point to phpBB as http.

You can access phpBB via http, and not https, and maybe after, you have links in wp that points to forum via http and not https. Even worst, maybe an user could login via http in phpBB: so will never be recognized in wp side, because on wp it is forced (as it is in your case) to be https (but phpBB cookie was released as http).

You see in WP side, that if you point to

Code: Select all

http://www.mysite.com/
you're correctly forced to https:
this you need to do also in phpBB, force to redirect any http request, to an https request.

The same behavior you can experience here at axew3.com (http/https) because i've not setup nothing to fix it here via htaccess at date of this post.
And this is your problem.

The complete solution, could be to add a
force phpBB to be accessed only via https, that mean any request to http url, will be rewrite to be https.

Code: Select all

# if not already activated before in htaccess activate RewriteEngine On removing the # char

#RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
OR with examples:
http://www.askapache.com/htaccess/ssl-e ... p-to-https

xray
User ww
User ww
Posts: 34
Joined: Mon Dec 24, 2018 9:48 pm

Re: Sometime i result suddenly logged out/in ... why? (http/https)

Post by xray »

This is great, I got this to work now by not forcing the https. Once I got this done, the ACP seems to resize appropriately now too. I will continue to monitor. Nice job axe.

Well spoke too soon. Looks like I am back to getting logged out again after clicking on different links.

User avatar
axew3
w3all User
w3all User
Posts: 1875
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Re: Sometime i result suddenly logged out/in ... why? (http/https)

Post by axew3 »

Hi xray thank you! Check this if using iframe:
viewtopic.php?f=2&t=894
may the second part about secondary security patches you can avoid to apply, but the little first, may cause the issue reported and may you'll go to ask yourself why it's not working like here it was not until yesterday night when i've see the wrong commented line.
Remove // on the indicated line activating this function, to have the correct wp reload in case an user login/out in phpBB iframed.
Also change the overall_header.html part, because was working as it was, but containing a wrong var assignment that may lead to some redirect problem on some browser. Just post!

Post Reply