Problem with Cookies

[enter a valid email]

Hi
I asked in the German Forum before but there was no Solution. I installed a Lets Encrypt Certificate.
Changed the Cookie Settings for SSL and secure Connection. I still deleted the Cache from FF and my Hoster.
I still have no clue what happened and why the make so much trouble. I installed no Plugin who interact with the Cookie thing.
After 0 - 20 Clicks I get logged out. Does anyone have an idea?
Thanks

[lopoto]

Officiall
https://www.phpbb.com/support/docs/en/3 ... e-settings

[Lumpy Burgertushie]

and you probably need to add this bit to your htaccess file:

Code: Select all

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

robert

[enter a valid email]

THX I will update it this Weekend. What could cause the problem? Maybe someone can explain it?

[Mick]

Please post a link to your board.

[enter a valid email]

http://publictransportforum.at/

[Mick]

Ok, you're cookies are good for https, if someone goes in using http there will be logging in and staying logged in problems. If you have the redirect in your .htaccess file you should be good to go.

[enter a valid email]

My Hoster claim to activate the Lets Encrypt Auto Installer in C-Panel with that I should have an Valide Certificate for the domain.at, www.domain.at

[Mick]

Yes, SSL/cookie settings are working properly for https.

[enter a valid email]

and you probably need to add this bit to your htaccess file:

Code: Select all

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

robert

so now I updated the File and te redirect to https works fine but I still get kicked out from the Server!
THX

[janus_zonstraal]

Can you post your .htacces here?

[enter a valid email]

<IfModule mod_rewrite.c>
RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ app.php [QSA,L]

</IfModule>

<IfModule mod_version.c>
<IfVersion < 2.4>
<Files "config.php">
Order Allow,Deny
Deny from All
</Files>
<Files "common.php">
Order Allow,Deny
Deny from All
</Files>
</IfVersion>
<IfVersion >= 2.4>
<Files "config.php">
Require all denied
</Files>
<Files "common.php">
Require all denied
</Files>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
<IfModule !mod_authz_core.c>
<Files "config.php">
Order Allow,Deny
Deny from All
</Files>
<Files "common.php">
Order Allow,Deny
Deny from All
</Files>
</IfModule>
<IfModule mod_authz_core.c>
<Files "config.php">
Require all denied
</Files>
<Files "common.php">
Require all denied
</Files>
</IfModule>
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

[janus_zonstraal]

Try to place the redirect on top of the file, like this:

Code: Select all

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ app.php [QSA,L]

</IfModule>

<IfModule mod_version.c>
<IfVersion < 2.4>
<Files "config.php">
Order Allow,Deny
Deny from All
</Files>
<Files "common.php">
Order Allow,Deny
Deny from All
</Files>
</IfVersion>
<IfVersion >= 2.4>
<Files "config.php">
Require all denied
</Files>
<Files "common.php">
Require all denied
</Files>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
<IfModule !mod_authz_core.c>
<Files "config.php">
Order Allow,Deny
Deny from All
</Files>
<Files "common.php">
Order Allow,Deny
Deny from All
</Files>
</IfModule>
<IfModule mod_authz_core.c>
<Files "config.php">
Require all denied
</Files>
<Files "common.php">
Require all denied
</Files>
</IfModule>
</IfModule>
<IfModule mod_rewrite.c>

And try to access the ACP with a other browser

[Mick]

And only one RewriteEngine on.

[enter a valid email]

Excelent. I Edit it and have still the Problem.