Remember Me not working since https

Get help with installation and running phpBB 3.1.x here. Please do not post bug reports, feature requests, or extension related questions here.
Scam Warning
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: phpBB 3.1.x is at its End of Life stage and support will NOT be provided after July 1st, 2018.
Locked
User avatar
davethecat
Registered User
Posts: 64
Joined: Sun Jan 26, 2014 7:26 pm

Remember Me not working since https

Post by davethecat »

Hello, I am hoping for some advice please...

A few days ago we switched our forum to be 'forced' to use https (via an htaccess 301 redirect rule), and that is all working fine; except that some of our users now find that ticking the "Remember Me" box, no longer keeps them logged in between sessions, so they are having to log in again each time they visit.

I realise it's better for security if they logged in fresh each time, and personally I never tick Remember Me boxes, but some of our long-time users are just in the habit of relying on that, so I wondered if there was a solution.

The board is using phpBB version 3.1.9 currently
We have 'cookie secure' set to 'enabled'
Allow "Remember Me" logins - set to ‘Yes’
The "Remember Me" login key expiration length is set to Zero (disabled)

Is this to do with forcing https / SSL? Is it a session/cookie issue? Is this something I can solve, or will our users now just need to learn to log in each time?

Thanks for any help / advice!
User avatar
Mick
Support Team Member
Support Team Member
Posts: 22637
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably.

Re: Remember Me not working since https

Post by Mick »

If it is a cookie issue Knowledge Base - Fixing incorrect cookie settings should help you. If not you'll have to post back possibly with a link to your board.
"The more connected we get the more alone we become" - Kyle Broflovski©
User avatar
davethecat
Registered User
Posts: 64
Joined: Sun Jan 26, 2014 7:26 pm

Re: Remember Me not working since https

Post by davethecat »

Hi Mick,
Thanks for the link to the Cookie issues page. I've checked our configuration against that, and all seems correct. Our board is within a folder in the site - as per Example 1 on that page - details below.

The only change we made to cookie settings recently was to enable Cookie Secure when we switched to https last week, other than that we have had the same settings for ages with no issues.

Here's our board & cookie settings:

Board URL: https://catchat.org/felineforum/
Cookie domain: .catchat.org (with the dot at the beginning)
Cookie name: (we have used an unusual 12 digit cookie name here)
Cookie path: /
Cookie Secure: as the board is using SSL, this is set to 'enabled'.

Would it help to change the cookie name? Is it possible that users just need to clear their browser cookies? (just thinking if their browser loaded it before we switched to "cookie secure" - could that cause a problem if they don't refresh / clear cookies and it might sort the issue if they load a fresh cookie? (just thinking aloud, I don't really know enough to know if that would help or not).

Thank you for any further clues!
User avatar
JimA
Community Team Leader
Community Team Leader
Posts: 7794
Joined: Thu Jul 31, 2008 5:54 am
Location: The Netherlands
Name: Jim Mossing Holsteyn
Contact:

Re: Remember Me not working since https

Post by JimA »

davethecat wrote:
Sat Feb 11, 2017 11:45 am
Would it help to change the cookie name? Is it possible that users just need to clear their browser cookies? (just thinking if their browser loaded it before we switched to "cookie secure" - could that cause a problem if they don't refresh / clear cookies and it might sort the issue if they load a fresh cookie? (just thinking aloud, I don't really know enough to know if that would help or not).
Yes, that's how it works. :)
Just add or replace one digit in the cookie name to ensure all users get a new cookie.
Jim Mossing Holsteyn - Community Team Leader
Knowledge Base | Documentation | Board rules

If you're having any questions about the rules/customs of this website, feel free to drop me a PM.
User avatar
davethecat
Registered User
Posts: 64
Joined: Sun Jan 26, 2014 7:26 pm

Re: Remember Me not working since https

Post by davethecat »

Thanks Jim, I have done that now.

I have advised the users having the issue to log out and in again - presumably that's all they need to do to get the new cookie?

Cheers for your help!
User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21302
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Remember Me not working since https

Post by RMcGirr83 »

You can purge the sessions table, "Purge all sessions", in the ACP then everyone will have to log back in.
Appreciate the extensions/mods/support then buy me a beerImage
Former Modifications/Extensions Team Member | My extensions | github | All requests for support via PM will be ignored
User avatar
canonknipser
Registered User
Posts: 2096
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: Remember Me not working since https

Post by canonknipser »

But purging the sessions table does not affect the cookies ;)
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB
User avatar
Lumpy Burgertushie
Registered User
Posts: 67994
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Remember Me not working since https

Post by Lumpy Burgertushie »

no, but it forces logout and that means they will get the new cookie the next time they visit.


that is the whole point of changing the cookie name.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
Locked

Return to “[3.1.x] Support Forum”