I'm currently running an old version of phpbb 3.0.9, and since I use a custom style based on subsilver2 with a lot of mods, I've not had the time to upgrade.
I'd like to change the forum from http to https, and already have the certificate installed and all https request already all work fine.
I've read that changing the forum setting to https and also the cookie settings causes some people to get locked out of admin, which worries me a great deal because I'm not really experienced enough to get the resolved.
So my question is, can I just do a 301 redirect of all http request to https? Will that basically be the same, or is there a reason why a change of forum settings to https is required?
Support for phpBB versions earlier than 3.2.0 has ended. Any support requests regarding those versions are limited to help with conversion to the latest version. If you require assistance upgrading please post back.
"The good news is hell is just the product of a morbid human imagination.
The bad news is, whatever humans can imagine, they can usually create." - Harmony Cobel
"The good news is hell is just the product of a morbid human imagination.
The bad news is, whatever humans can imagine, they can usually create." - Harmony Cobel
My question is though, can I just force to https via .htaccess, without changing the cookie settings?
I asked because I know people have reported getting locked out of the ACP, and if this happens I'm not sure if I have the skills to fix it. The fix you linked to is probably for the latest version, and I don't know if this will still work for my version.
That article is good for phpBB versions 3.0.* and upwards. If you’re using ssl you need to enable cookie secure as you will experience issues staying logged in as well as other things if you don’t.
Mick wrote: ↑Fri Apr 26, 2019 7:48 amIf you require assistance upgrading please post back
"The good news is hell is just the product of a morbid human imagination.
The bad news is, whatever humans can imagine, they can usually create." - Harmony Cobel
if you only do one or the other you will have the problems you are seeing.
you keep saying people getting locked out of the acp. only admins should be able to access the acp to start with.
anyway, once you have set the htaccess to redirect and you have the cookie settings correct there should be no problems for anyone.
remember, one of the steps in setting the cookies is to change the cookie name. when you do that it causes everyone to have to log in the next time they visit to get the new cookie.