HTTPS / SID

Post by Dan Stylez » Sat Jul 14, 2018 5:07 pm

I've just set up a forum for someone, but I'm not sure if I need to make a change to the server/cookie settings.

The hosting includes SSL, so I've enabled Cookie Secure in Cookie Settings, then in Server Settings I have set Server Protocol as blank.

If I view the site with HTTPS, I don't see any SID. If I log in, I see it immediately on the index page but then never again on the index page or other pages.

But if I view the site with just HTTP, every page URL is showing the SID.

Most forums I know are forced, so if you try HTTP it will change to HTTPS, so the question is... if HTTPS is not forced, should viewing it with HTTP keep showing the SID?

Re: HTTPS / SID

Post by Paul » Sat Jul 14, 2018 5:13 pm

Yes, because you have set cookie secure to yes, your cookies are only valid for HTTPS and they won't work on HTTP. If cookies don't work, phpBB will fall back to using SIDs in the URL. So you either need to force HTTPS (which is not a bad thing) or you need to live with having the SID in the URL.

Re: HTTPS / SID

Post by HiFiKabin » Sat Jul 14, 2018 6:14 pm

Add the following to your .htaccess to redirect all http requests to https

Code:

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
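
Added example, not part of the original thread and not phpBB's own code: a simplified Python model of the behaviour Paul describes (a Secure cookie is never sent over HTTP, so the board falls back to the SID in the URL) and of why the redirect above makes the SID disappear. The cookie name, session id, host `forum.example` and the rule "append the SID whenever the request carried no session cookie" are assumptions made for illustration.

```python
# Added example: simplified model, not phpBB's own code.
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

COOKIE_NAME = "demo_board_sid"  # constructed cookie name (assumption)
SID = "0123456789abcdef"        # constructed session id


class Browser:
    """Client side: a cookie marked Secure is only sent back over https."""

    def __init__(self):
        self.jar = {}  # cookie name -> (value, secure flag)

    def store(self, set_cookie_header):
        for name, morsel in SimpleCookie(set_cookie_header).items():
            self.jar[name] = (morsel.value, bool(morsel["secure"]))

    def cookies_for(self, url):
        https = urlsplit(url).scheme == "https"
        return {n: v for n, (v, secure) in self.jar.items() if https or not secure}


def render_link(request_cookies, target="viewforum.php?f=1"):
    """Board side: no session cookie in the request means the SID goes in the URL."""
    if request_cookies.get(COOKIE_NAME) == SID:
        return target
    return f"{target}{'&' if '?' in target else '?'}sid={SID}"


def browse(scheme, cookie_secure=True, pages=3):
    """Load `pages` pages after login; return the link rendered on each page."""
    browser, links = Browser(), []
    header = f"{COOKIE_NAME}={SID}; Path=/; HttpOnly"
    if cookie_secure:
        header += "; Secure"
    for _ in range(pages):
        url = f"{scheme}://forum.example/index.php"
        links.append(render_link(browser.cookies_for(url)))
        browser.store(header)  # each response carries Set-Cookie
    return links


if __name__ == "__main__":
    for scheme, secure in (("https", True), ("http", True), ("http", False)):
        print(scheme, "cookie_secure =", secure, browse(scheme, secure))
```

Over HTTPS only the first page after login carries the SID, which matches what was seen on the index page; over HTTP with Cookie Secure enabled every link carries it.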

Re: HTTPS / SID

Post by Dan Stylez » Sat Jul 14, 2018 6:56 pm

Thanks for clearing that up Paul,
When I changed it to force HTTPS, I'm still able to access it using HTTP, but it does change to HTTPS after I log in.

HiFiKabin wrote (Sat Jul 14, 2018 6:14 pm):
> Add the following to your .htaccess to redirect all http requests to https
>
> Code:
>
> RewriteCond %{HTTPS} off
> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

If I add this, should I change any of the server/cookie settings back in the ACP?
There is a post on here saying that changing the .htaccess stops board emails working so wasn't sure if that would be a good idea.

Re: HTTPS / SID

Post by Mick » Sat Jul 14, 2018 7:28 pm

Dan Stylez wrote (Sat Jul 14, 2018 6:56 pm):
> There is a post on here saying that changing the .htaccess stops board emails working . . .

Make a copy of the original and put it somewhere safe. If the board goes peculiar because of the changes to .htaccess, replace it with your backup and you're back to square one. Please post a link to the board so we can see if the cookie settings are ok or not.

Re: HTTPS / SID

Post by HiFiKabin » Sun Jul 15, 2018 9:37 am

Dan Stylez wrote (Sat Jul 14, 2018 6:56 pm):
> There is a post on here saying that changing the .htaccess stops board emails working . . .

I have never had a problem with that, but I do have SSL email as well. Perhaps that also needs to be activated to ensure board emails are sent.

Re: HTTPS / SID

Post by Dan Stylez » Tue Jul 17, 2018 1:00 am

I changed the .htaccess file on Saturday and the board was working fine a couple of hours later. I didn't look at the forum again until tonight, but now each page is taking 20 seconds or more to load and I sometimes get an error coming up:

SQL ERROR [ mysqli ] Too many connections [1040] (5/6 times)
SQL ERROR [ mysqli ] Connection refused [2002] (once)

The board has been disabled since installation; it's a new domain so there are no visitors, and I haven't installed any extensions or styles.

I'll try it again in the morning and see what's what.
