MyBB Community Forums

Full Version: [RESOLVED] Can't log in to front end - but can to admin CP
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
[RESOLVED] - 17-07-24
I changed my .htaccess to force URLS without "WWW" and this fixed the problem.  Not knowing a whole lot about cookies in general, my guess was that they were associated with the non "www" before I made the change and the redirect was to the "www".


[ORIGINAL POST]
I can log in no problem to admin panel but not front end.

If I try and log in it just takes me back to the front page and I'm still guest.  After I've registered a new user it logs in once no problem, but then I can't log in again as that user.

I recently changed to HTTPS, but everything seems to be working fine other than log in...

Forum URL:
iosoftsmiths.com/forums/

Cookie settings - Admin Panel / Site Details:
  Cookie Domain = .iosoftsmiths.com
  Cookie Path = /forums/

Cookie Settings in settings.php are same


Thanks very much!
Make sure to enable the secure cookie flag, as well as force https via your .htaccess file. Forced https can be done by adding the following to your existing htaccess file.
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

It also seems you have insecure content on your website, which may be redirecting users to http, which could also cause login problems. I recommend you check out https://whynopadlock.com and see what content needs to be changed for your SSL certificate to function properly.

Upon creating an account and checking, front end login seems to be working fine for me. If you're still having issues with it you could try a hard refresh (CTRL + F5), as well as clearing your DNS cache by running the following command in command prompt: ipconfig /flushdns
(07-24-2017, 06:06 PM)R34P3R Wrote: [ -> ]Make sure to enable the secure cookie flag, as well as force https via your .htaccess file. Forced https can be done by adding the following to your existing htaccess file.
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

It also seems you have insecure content on your website, which may be redirecting users to http, which could also cause login problems. I recommend you check out https://whynopadlock.com and see what content needs to be changed for your SSL certificate to function properly.

Upon creating an account and checking, front end login seems to be working fine for me. If you're still having issues with it you could try a hard refresh (CTRL + F5), as well as clearing your DNS cache by running the following command in command prompt: ipconfig /flushdns

Thanks for the reply!

I had already enabled secure cookie flag, and my .htaccess seems to be set up correctly.  I'm getting a consistent "padlock" and whynopadlock.com says I'm good to go.  I've tried hard refreshing and flushing DNS.

I was able to create a test user and login once but once I logged out and tried to log in again, no dice.  :/

When I inspect cookies in the Chrome debugger I'm only seeing three cookies:
mybb[lastactive]
mybb[lastvisit]
sid

The sid cookie is marked as HTTP where the other two are not...