HTTPS / SID

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
User avatar
DTMWC
Registered User
Posts: 379
Joined: Tue Jan 16, 2018 6:17 am

HTTPS / SID

Post by DTMWC »

I've just set up a forum for someone, but I'm not sure if I need to make a change to the server/cookie settings.

The hosting includes SSL, so I've enabled Cookie Secure in Cookie Settings, then in Server Settings I have set Server Protocol as blank,

If I view the site with HTTPS, I don't see any SID, if I log in I see it immediately on the index page but then never again on the index page or other pages.

But if I view the site with just HTTP, every page URL is showing the SID.

Most forums I know are forced so if you try HTTP it will change to HTTPS, so the question is... if HTTPS is not forced, should viewing it with HTTP keep showing the SID ?
Boom.
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 28619
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: HTTPS / SID

Post by Paul »

Yes, because you have said cookie secure to yes your cookies are only valid for HTTPS and they won't work on HTTP. If cookies don't work, phpBB will fall back to using SIDs in the URL. So you or need to force HTTPS (Which is not a bad thing) or you need to live with having the SID in the URL.
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6673
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: HTTPS / SID

Post by HiFiKabin »

Add the following to your .htaccess to redirect all http requests to https

Code: Select all

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
User avatar
DTMWC
Registered User
Posts: 379
Joined: Tue Jan 16, 2018 6:17 am

Re: HTTPS / SID

Post by DTMWC »

Thanks for clearing that up Paul,
When I changed it to force HTTPS, I'm still able to access it using HTTP, but it does change to HTTPS after I log in.

HiFiKabin wrote: Sat Jul 14, 2018 6:14 pm Add the following to your .htaccess to redirect all http requests to https

Code: Select all

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
If I add this, should I change any of the server/cookie settings back in the ACP?
There is a post on here saying that changing the .htaccess stops board emails working so wasn't sure if that would be a good idea.
Boom.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26505
Joined: Fri Aug 29, 2008 9:49 am

Re: HTTPS / SID

Post by Mick »

Dan Stylez wrote: Sat Jul 14, 2018 6:56 pmThere is a post on here saying that changing the .htaccess stops board emails working . . .
Make a copy of the original and put it somewhere safe. If the board goes peculiar because of the changes to .htaccess replace it with your back up and you're back to square one. Please post a link to the board so we can see if the cookie settings are ok or not.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6673
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: HTTPS / SID

Post by HiFiKabin »

Dan Stylez wrote: Sat Jul 14, 2018 6:56 pmThere is a post on here saying that changing the .htaccess stops board emails working . . .
I have never had a problem with that, but I do have SSL email as well. Perhaps that also needs to be activated to ensure board emails are sent
User avatar
DTMWC
Registered User
Posts: 379
Joined: Tue Jan 16, 2018 6:17 am

Re: HTTPS / SID

Post by DTMWC »

I changed the .htaccess file on Saturday and the board was working fine a couple of hours later, I didn't look at the forum again until tonight, but now each page is taking 20 seconds or more to load and sometimes get an error coming up:

SQL ERROR [ mysqli ] Too many connections [1040] (5/6 times)
SQL ERROR [ mysqli ] Connection refused [2002] (once)

The board has been disabled since installation, it's a new domain so no visitors, haven't installed any extensions or styles.

I'll try it again in the morning and see what's what.
Boom.
Post Reply

Return to “[3.2.x] Support Forum”