MyBB Community Forums
no adminCP login after HTTPS implementation - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: 1.8 Support (https://community.mybb.com/forum-175.html)
+--- Forum: Security Management and Support (https://community.mybb.com/forum-179.html)
+--- Thread: no adminCP login after HTTPS implementation (/thread-228818.html)

Pages: 1 2 3


no adminCP login after HTTPS implementation - chuzie - 2020-07-30

Running myBB 1.8.23

Setup HTTPS today per https://docs.mybb.com/1.8/administration/security/https/

Got it working great and all tests pass on whynopadlock.com

No problem logging in to front end.

Unable to log in to adminCP but worked fine before HTTPS.
Keeps asking for username and password, both of which are correct.

Flushed cookies
Tried different browsers
Temporarily removed the protocol redirection from the config.php and logging in from HTTP and it works.
EDIT: I can login to cpAdmin but when I click  any of the TABS I get kicked out and the login form says Invalid administration session.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.xxxxxx.com/$1 [R=301,L]

I also tried using this one instead...

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


Clearly I screwed something up in the process.


RE: no adminCP login after HTTPS implementation - s3_gunzel - 2020-07-30

Did you update your cookie settings to be https?


RE: no adminCP login after HTTPS implementation - chuzie - 2020-07-30

(2020-07-30, 03:36 AM)s3_gunzel Wrote: Did you update your cookie settings to be https?

In the ACP? No. That was the next step in the tutorial, but now I can't access.


RE: no adminCP login after HTTPS implementation - .m. - 2020-07-30

have you also tried direct login to admin panel through http protocol ..


RE: no adminCP login after HTTPS implementation - chuzie - 2020-07-30

(2020-07-30, 03:51 AM).m. Wrote: have you also tried direct login to admin panel through http protocol ..
Yes. When I removed the HTTPS code from the htaccess, it let's me login but when I click a tab it kicks me back out.


RE: no adminCP login after HTTPS implementation - .m. - 2020-07-30

check if settings.php file in inc folder contains :
$settings['cookiesecureflag'] = "1";
if not then you can add it after $settings['cookieprefix'] = "";

clear your browser cookies again & try logging into forum admin panel.
if navigation around the admin panel works then turn on that secure cookie flag setting

also headerinclude template of the theme should contain
var cookieSecureFlag = "{$mybb->settings['cookiesecureflag']}";

it can be added after var cookiePrefix = "{$mybb->settings['cookieprefix']}";

see also replies here : link


RE: no adminCP login after HTTPS implementation - chuzie - 2020-07-30

Unfortunately, $settings['cookiesecureflag'] in inc/settings.php is already present and defined with  '1' so back to the drawing board I suppose.
I assume you mean for me to edit the template with the cookiesecure once I again have ACP access, correct?

Looking at the link you provided for reference, it appeatr varnischcash  may have been the culprit in that case.

Thx.


RE: no adminCP login after HTTPS implementation - s3_gunzel - 2020-07-30

(2020-07-30, 05:47 AM)chuzie Wrote: Looking at the link you provided for reference, it appeatr [color=#333333][size=small]varnischcash  may have been the culprit in that case


Varnish is awful unless you know what you're doing. It should not be used on a shared host to reduce load because it's not configured for everything - it just can't be.


RE: no adminCP login after HTTPS implementation - chuzie - 2020-07-30

(2020-07-30, 06:03 AM)s3_gunzel Wrote:
(2020-07-30, 05:47 AM)chuzie Wrote: Looking at the link you provided for reference, it appeatr [color=#333333][size=small]varnischcash  may have been the culprit in that case


Varnish is awful unless you know what you're doing. It should not be used on a shared host to reduce load because it's not configured for everything - it just can't be.


Just to be clear, I am NOT using varnischcash.


RE: no adminCP login after HTTPS implementation - .m. - 2020-07-30

Quote:also headerinclude template of the theme should contain

var cookieSecureFlag = "{$mybb->settings['cookiesecureflag']}";


it can be added after var cookiePrefix = "{$mybb->settings['cookieprefix']}";
reference is to the template of the active theme you are using

as admin panel login & navigation is not working
insertion needs to be done through the database.

if direct help required, you may PM me temporary access to your web host
control panel
and your admin account for the forum - change them later