Adding SSL certificate and changing the board setting leads to random logouts (ssl redirect?), missing smileys / icons

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
joeyb+1
Registered User
Posts: 25
Joined: Wed Apr 30, 2008 3:12 am
Location: AU

Adding SSL certificate and changing the board setting leads to random logouts (ssl redirect?), missing smileys / icons

Post by joeyb+1 » Sun Jul 22, 2018 12:28 pm

Support Request Template
What version of phpBB are you using? phpBB 3.2.2
What is your board's URL? https://ozbenz.net
Who do you host your board with? servage.net
How did you install your board? I used the download package from phpBB.com
What is the most recent action performed on your board? Please select your answer
Is registration required to reproduce this issue? Yes
Do you have any MODs installed? No
Do you have any extensions installed? Yes
What extensions do you have installed? styles
What styles do you currently have installed? Prosilver, softblue
What language(s) is your board currently using? english
Which database type/version are you using? MySQL(i) 10.0.23-MariaDB-0+deb8u1
What is your level of experience? New to PHP but not phpBB
What username can be used to view this issue? obz_test_usr
What password can be used to view this issue? z(uCw21JFc5Owj6Sq$pjwb66nIc{4vl
What actions did you take (updating your board; installing a MOD, style or extension; etc.) prior to this problem becoming noticeable? Ordered SSL certificate from host. installed it, changed the appropriate cookie secure settings, changed the cookie as per recommended procedure, set the server settings to use https (forced). Set SSL port 443.
Screen Shot 2018-07-22 at 20.58.10.JPG
Screen Shot 2018-07-22 at 22.21.04.JPG
Please describe your problem. 2 issues have occurred.

1. users are now being logged out, even after clearing cache and cookies and attempting to login. When a user visits the login page after clearing cache etc, they receive the 'maximum login attempts" warning (attempts set to 5, but only one attempt is made).
Screen Shot 2018-07-22 at 21.00.06.JPG
user can enter the Q&A captcha and successfully login, or they can login and then on the next page navigation, they are automatically logged out.

issue 2 is more simple. Since the SSL certificate was installed and the changes made in the ACP, the smilies have disappeared and replaced with the question-mark filled boxes (takes a long time to load them also)
Screen Shot 2018-07-22 at 20.57.17.JPG
The forum category images on the main page have also disappeared. No changes were made to any of the filesystem locations or permissions for /files or /images. Unsure how this is occurring.

I elected to change the mod_rewrite setting, and it has made no difference. - I was not sure if it would make any difference though.

Styles were deactivated and reactivated, cache was cleared after each change. the DB has been repaired and optimized and this is the current status.

The hover link for the main website text, if clicked will logout the user, as it doesn't carry the session ID - before the SSL certificate was enabled, this did not logout a user using http.

I'm unsure if there needs to be any further changes on the host side, and I have raised a support ticket for this problem, but they have not been very helpful in trying to assist troubleshooting. the DNS maps to the correct IP, the SSL is enabled, the cookie setting is correct...

Not sure how to proceed from here.

Also now some random ajax errors are occurring when attempting to use the shortcut icon mod tools to delete user posts from the test user created for this issue.
Screen Shot 2018-07-22 at 22.03.56.JPG
Screen Shot 2018-07-22 at 22.03.56.JPG (9.68 KiB) Viewed 197 times
That's the complete result of changing the cookie secure and forcing https and port 443, which is where things are at now, I have tried non forced, tried leaving it on port 80, tried no mod_rewrite but none of the toggles seems to make any difference except disabling the cookie secure and ssl certificate.

caches cleared etc ad infinitum. but that is the current state and as mentioned, unsure how to proceed to ensure the ssl remains functional and the smilies, icons etc load correctly. It's a mighty strange side-effect of enabling cookie secure.

Generated by SRT Generator

User avatar
Mick
Support Team Member
Support Team Member
Posts: 19698
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably . . .

Re: Adding SSL certificate and changing the board setting leads to random logouts (ssl redirect?), missing smileys / ico

Post by Mick » Sun Jul 22, 2018 12:39 pm

Your cookie settings are good, no need for adjustment.

You can try setting Force server URL settings to no (you’ve already done that?) phpBB should set that automatically. I can’t see any other setting issues. I'd be inclined to speak to your host as the settings are ok but the Ajax error is probably down to them.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

janus_zonstraal
Registered User
Posts: 2517
Joined: Sat Aug 30, 2014 1:30 pm

Re: Adding SSL certificate and changing the board setting leads to random logouts (ssl redirect?), missing smileys / ico

Post by janus_zonstraal » Sun Jul 22, 2018 12:41 pm

http://ozbenz.net isn't working.

I suggest
Set everything back to the point before you got the SSL certificate and check if things are working.
Sorry! My English is bat ;) !!!

joeyb+1
Registered User
Posts: 25
Joined: Wed Apr 30, 2008 3:12 am
Location: AU

Re: Adding SSL certificate and changing the board setting leads to random logouts (ssl redirect?), missing smileys / ico

Post by joeyb+1 » Sun Jul 22, 2018 1:11 pm

Mick wrote:
Sun Jul 22, 2018 12:39 pm
Your cookie settings are good, no need for adjustment.

You can try setting Force server URL settings to no (you’ve already done that?) phpBB should set that automatically. I can’t see any other setting issues. I'd be inclined to speak to your host as the settings are ok but the Ajax error is probably down to them.
Yeah I had done that back and forth in all permutations and combinations, just to make sure I wasn't kidding myself. I've posted how it is currently, and the login issue is persistently generating the login-max-attempts message, even though I upped it to 5 from 2.

I also made sure .htaccess was set in the phpbb root with the hosts env flag
#set HTTPS env in condition of Servage HTTPS Flag
SetEnvIf SSL "on" HTTPS=1

Apart from that I have no idea why I'm still getting logged out randomly.

issue is browser agnostic - makes no difference which browser or device type.

Ajax issue I agree, has to be a host thing.

Thanks for the second pair of eyes, at least I can be sure I've set it correctly in phpbb. Can't help but think that cookie secure setting hasn't stuffed something else up though.... nothing else changed and the smilies are still not there...

joeyb+1
Registered User
Posts: 25
Joined: Wed Apr 30, 2008 3:12 am
Location: AU

Re: Adding SSL certificate and changing the board setting leads to random logouts (ssl redirect?), missing smileys / ico

Post by joeyb+1 » Sun Jul 22, 2018 1:12 pm

janus_zonstraal wrote:
Sun Jul 22, 2018 12:41 pm
http://ozbenz.net isn't working.

I suggest
Set everything back to the point before you got the SSL certificate and check if things are working.
http isn't working because it's disabled.

joeyb+1
Registered User
Posts: 25
Joined: Wed Apr 30, 2008 3:12 am
Location: AU

Re: Adding SSL certificate and changing the board setting leads to random logouts (ssl redirect?), missing smileys / ico

Post by joeyb+1 » Sun Jul 22, 2018 1:26 pm

Host tech support has just informed me they have "made some changes to SSL setting" and that I have to wait 2-3 hrs before testing.

They didn't tell me what they changed... :roll:

User avatar
Mick
Support Team Member
Support Team Member
Posts: 19698
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably . . .

Re: Adding SSL certificate and changing the board setting leads to random logouts (ssl redirect?), missing smileys / ico

Post by Mick » Sun Jul 22, 2018 2:16 pm

joeyb+1 wrote:
Sun Jul 22, 2018 1:11 pm
Can't help but think that cookie secure setting hasn't stuffed something else up though
I wouldn’t have thought so, it’s just an on/off switch and will revert when you change the setting. Plus, there’s millions of us out there who have made these changes without issue.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

joeyb+1
Registered User
Posts: 25
Joined: Wed Apr 30, 2008 3:12 am
Location: AU

Re: Adding SSL certificate and changing the board setting leads to random logouts (ssl redirect?), missing smileys / ico

Post by joeyb+1 » Sun Jul 22, 2018 2:50 pm

So the issue wth the max-login-attempts (captcha ) is now a problem.

the host informed me they made a change to hotlink protection on the image files, and now the smileys are back - not sure why ssl affects this, but it did.

the second change was to the certificate. http disable was turned off, and that means any http will redir to https.

But the issue with login still occurs.

clear browser cache/cookie.

goto ozbenz.net in address bar and watch. page is secure.
click on login
Screen Shot 2018-07-22 at 23.29.52.JPG
Screen Shot 2018-07-22 at 23.29.52.JPG (11.26 KiB) Viewed 126 times
enter login details and submit

and then immediately posts the max-login attempt.
enter credentials and the captcha (which is disabled!!!)
Screen Shot 2018-07-23 at 00.54.04.JPG
it gives an SID in the address bar...
Screen Shot 2018-07-22 at 23.30.01.JPG
Screen Shot 2018-07-22 at 23.30.01.JPG (11.63 KiB) Viewed 126 times
and the login is OK.

yes I disabled the captcha for testing.... but it keeps asking for it.

so what's causing that? it's disabled (set to 0)

Post Reply

Return to “[3.2.x] Support Forum”

Who is online

Users browsing this forum: Exclusive, Mannix_, mosestheauthor, new.new, nudels64 and 33 guests