Private Site Problem

  • Resolved otomatikkurbaa

    (@otomatikkurbaa)


    4 years, 1 month ago

    I’m trying to make my page entirely private, only logged in users can see, others will be redirecting to login page. I checked private page checkbox in settings menu and redirecting works fine for logged out users.

    But when an user logged in and try to go another page, like from main page to a content page or user settings page, plugin redirect user to login page again and ask for login credentials again.

    Is this a bug or am I missing something?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Caseproof

    (@caseproof)

    Hi @otomatikkurbaa

    I can’t reproduce this issue. Did you test it with default Subscriber role? Could you double-check if this is not a plugin conflict? To do this, please deactivate all your plugins temporarily to see if this resolves the problem. If this works, re-activate all plugins one by one to see which one causes that issue.

    Thanks

    Plugin Author cartpauj

    (@cartpauj)

    Could be a couple of issues. Most commonly is browser caching (expires HTTP response header). If the browser is told to cache the page when the user is logged out, then after they login and visit the page again, they’ll get the logged out view from their browser cache.

    Second might be that they’re logging in under https or http and then viewing the page in the opposite protocol (which would then be viewed as logged out). The WP login cookies are good for http or https but not both.

    Same problem here! When I disable the member’s plugin and reactivate everything works fine, but after a while, this happens again (any page I thy access I’m logged out, then I provide my login credentials and when I click on any pages, I’m logged out. Then I need disable plugin again.)

    If a site is running on https and you enter the hostname in your browser you are redirected to the https login page but with a non-https redirect_to parameter:

    curl -I dev.thewinesofindia.com

    location: https://dev.thewinesofindia.com/wp-login.php?redirect_to=http%3A%2F%2Fdev.thewinesofindia.com%2F&reauth=1

    I guess Members intercepts the request before WP performs its redirect to HTTPS.

    I’ll update if I find out more. Is this a Members problem or a site/hosting config problem though?

    Edit: I enabled my host’s option to force SSL. That is triggered earlier than the WP redirect:

    curl -I dev.thewinesofindia.com

    https://dev.thewinesofindia.com/

    curl -I https://dev.thewinesofindia.com/

    https://dev.thewinesofindia.com/wp-login.php?redirect_to=https%3A%2F%2Fdev.thewinesofindia.com%2F&reauth=1

    I do kind of feel that if you rely on WP to redirect to https, that the Members redirect should come later if that is possible.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Private Site Problem’ is closed to new replies.