changing site to ssl (https) won't maintain logged in state

  • SeattleLion

    (@seattlelion)


    9 years ago

    I’m trying to convert one of my sites to https. I have no problems with redirects and page display, but one issue prevents me from completing the transition: If I access the site via https, I find I am logged off. If I log in to wp-admin, I get to the normal dashboard. But, if I go back to the main site, I am again logged out. If I log in from the site, I see the WP admin options across the top of the screen. I use that to back to the admin dashboard. I go back to the site and again I am logged out.

    What can I do to fix this?

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • jkhongusc

    (@jkhongusc)

    How did you configure your system to use https? That detail is important.

    I can guess why you are having problems. You are logging into wp-admin via https. WP creates a secure cookie. If you visit any http url (e.g. main site) you are no longer logged in. You should verify this info. Secure cookies are only sent to https.

    Thread Starter SeattleLion

    (@seattlelion)

    At the simplest, just to test, I set up a redirect in my apache server to redirect all http to https. I also changed the wp-admin flag in config. I didn’t do what you described. Here is my exact procedure:

    go to my public site via https
    click “dashboard” in the dropdown in the header
    I am taken to the login screen (https)
    I log in
    I am taken to the dashboard (https)
    In the header I select to go to my site
    I am taken to the public page and I am no longer logged in

    I am unable to persist the logged in state in https. I can’t figure out why.

    jkhongusc

    (@jkhongusc)

    We have done something similar. We configured our Apache server to redirect all http to https. I didnt do any special configurations in WP. All of our urls are served by https; and we dont have any issue of being logged out.

    Your last statement – ‘I am taken to the public page and I am no longer logged in’. Is the public page https and the same hostname/domain? How do you know you are not logged in? Plugins can obscure that. For example the admin-bar could be hidden by pluggins, but if they WP cookies are passed to the public page, then you are logged in. Or a caching plugin may show you the cached page.

    Thread Starter SeattleLion

    (@seattlelion)

    Good points. I don’t use any caching plugins (had trouble with them and decided to go without). I know I’m not logged in because if I go to the bottom of the page where I have the login/logout widget, it says “log in”.

    For some reason I am always forced to log in. I use the plugin that allows my domain name to be used instead of the subdomain I assigned this particular site. That works fine on the public site pages. But when I go to the admin page it always displays the subdomain url instead of the one for the site. This is true in http and https. the only difference is that with https the logged in state is lost.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘changing site to ssl (https) won't maintain logged in state’ is closed to new replies.