website - http://www1.internetvoipphone.co.uk/
Note - http://www.internetvoipphone.co.uk/ uses V1.3.2, www1 address is our V1.6 dev site before going live so please only look at that one.
Issue - when a user logs in then browses back to a product page they switch from https back to http which in turn logs them out, we cant find a reason why magento changes some links to https but not others
account details for testing:
username: test#test.com
password: password
I've tried resetting to the default template but the issue still occurs so it must be a magento config issue, any help greatly appreciated
The issue seems to be caused by cookies, we use two URL's www1.internetvoipphone.co.uk and secure.internetvoipphone.co.uk, each domain was sending out a cookie "frontend" which seem to have been conflicting.
setting the cookie domain to .internetvoipphone.co.uk generates a single cookie and as yet seems to have fixed the issue.
Yes the cookie path and also the browser's cache can wreak havoc with Magento when using a development installation, even if on another domain.
Related
Here's my situation:
I recently inherited a website from someone else who's MIA.
Recently the SSL certificate expired.
Website now can't be accessed properly. It first gives me NET::ERR_CERT_DATE_INVALID and when I bypass it, all UI elements look distorted and don't work.
Tried disabling SSL through Joomla admin page and I can't access the option that's embedded under a "server" tab in the settings page...because the UI elements don't work there as well. (Even joomla admin page is forced through https)
Tried disabling SSL or HTTPS through .htaccess and I don't see that https was enabled through that. In other words, no code for me to disable there.
Anyone has suggestions on how to get this page up and running properly again?
I have a Magento website up and running. Suddenly I could not Login to the website and could not add products to the website. On login, it simply redirected back to login page from admin end. And on adding product to cart it kept asking for enabling cookies.
Now I have updated the value of "web/cookie/cookie_domain" in core_config_data to "", and it started working fine, though previously the value was the domain name. Can anyone really suggest/explain why does it behave like this?
Magento also has an issue where if you use the bare domain and a subdomain to try accessing the site, it can set two cookies, one for example.com and one for subdomain.example.com.
You will have issues logging in for either front or admin sessions until you delete all the Magento cookies pertaining to your domain. Setting cookie paths, domains and redirecting all bare domain traffic to www or all www traffic to bare domain is necessary to prevent the issue.
search the web and found solutions.
Disable redirect to enable-cookies CMS page
Go to System –> Configuration –> General –> Web –> Browser Capabilities Detection –> Redirect to CMS-page if cookies are disabled = No
for more info you See this link.I hope solve your problem.
I have a Magento 1.7.0.2 installation which loses session data when logging in.
It logs in correctly from main page (HTTP) and works fine until I go to Cart page and click checkout. Then it leads to checkout where I am logged out (already HTTPS) and when I try to login it redirects me to account/dashboard and thus I cannot ever complete an order.
Recently we've changed the server from Litespeed to Apache, I'm not sure if the problem is in Apache configuration because As I change the cookie settings from Magento, it makes no effect.
I've tried setting the domain like ".www.example.com", path to "/", expire time to "5400", no effect.
EDIT: it turns out the cookie is not passed to /checkout/onepage/ request. That is when I click the checkout button. What may be the reason for this?
Try to change System->Configuration->Web->Session Cookie Management->Use HTTP Only to "No" and clear the cache.
I moved magento site from a sub-directory (http://mysite.com/magento) to the parent directory (http://mysite.com). After successful transfer I noticed that my site url does not have "www" So I added it up in the Database in core_config_data in base and secure url fields.
That is before base and secure url were: http://mysite.com
After changing it: http://www.mysite.com (added www to it).
Then I removed everything from the Var folder and deleted browser history with cookies and all other information of chrome.
There is no problem in frontend of the site, although I am not able to login at admin side. It just returns me to login page without any error but with a url like this
http://www.mysite.com/index.php/admin/index/index/key/b4f1cd105c9623c8d313c41e5c59f5b1/
But if I clear browsing history and cookies etc all, then it let me login once and for second time if I want to login again, I have to do the same process again .i.e. delete all the cookies and data from chrome history and then login again.
I have browsed same questions asked at stackoverflow and some other forums but all suggests to clean up cookies. But I think already did that, did I miss something or need to do something more?
This could be myriad things, but I'd check that your cookie domain at
System -> Configuration -> Web -> Session Cookie Management
matches your new www.example.com domain name.
I have two MVC3 sites, both hosted on the same server that I've configured to use the same authentication cookies.
The first site is an intranet site using Windows authentication. This site has one simple Action that checks to see if the user was authenticated, if the user has been, it creates a FormsAuthentication cookie that it adds to the response. This cookie is created for a generic user that I determine from the User's AD groups. The response then redirects the user to a second site that uses Forms Authentication.
When I run this on my local machine, everything works as described above. When I deploy this to our local web server, it doesn't. I've tested to see if the user's group is correctly determined and that it creates a valid user for the cookie, and I have verified that this is correct on the web server.
Here is how I'm doing all of the above:
First, I made both sites use the same same Machine Key for encryption and decryption.
When I create the cookie in Site1, I ensure that it has the same name and Domain as the cookies created on Site2.
var cookie = FormsAuthentication.GetAuthCookie(userName, false);
cookie.Domain = FormsAuthentication.CookieDomain; //This is the Domain of my 2nd site as they are different
HttpContext.Response.Cookies.Add(cookie); //Add my cookie to the response
HttpContext.Response.RedirectPermanent(urlForSite2);
Again, when I run this on my local machine it works without a problem. But when deployed, it's either not passing the cookie in the request, or the response is ignoring it, but I'm not sure how to verify either of these cases.
Feel free to ask any question regarding more details as to how I'm doing this if it will help in getting an answer I need.
Cross domain cookies are not allowed. If you have two separate domains; one cannot access the others cookies. Two separate virtual directories/applications will work when using the same machine key. http://blogs.technet.com/b/sandy9182/archive/2007/05/07/sharing-forms-cookie-between-asp-net-web-application.aspx
If you want to share login cookies between sub-domains you need to edit the Domain property of the login cookie to the 2nd level domain "abc.com" so that "www.abc.com" and "ww2.abc.com" will have access to the cookie. http://forums.asp.net/t/1533660.aspx
String usrName = User.Identity.Name.ToString();
HttpCookie authCookie = Security.FormsAuthentication.GetAuthCookie(usrName, false);
authCookie.Domain = "abc.com";
Response.AppendCookie(authCookie);
Actually, it is possible, but isn't as simple as the domain/sub-domain cookie sharing.
http://www.codeproject.com/KB/aspnet/CrossDomainSSOModel.aspx
While the example given in this article didn't apply directly to what I was doing, I could use some of the ideas expressed there to get what I needed working. It ended up being my configuration settings in site2 web.config.
My URLs are as follows
Site1 = http://site.stage
Site2 = http://site.stage.MyCompanyName.com
Site 1 requires a host entry addressing it to a specific IP address of the hosting machine. It's also an entry in my IE Security settings - Local Intranet Sites.
I should note that these applications are both virtual directories running under the same default website.
I thought I had solved my problem but setting the Domain in the config file to and empty string, but this didn't work. I'm not sure what can be done now. This still works when I run it on my local machine, but not when I run it on my server. The only difference is the urls.
My dev machine is using the urls
Site 1: http://localhost/CompanyName.TVAP.IntranetSite
Site 2: http://localhost/TVAPDev/
I hope this adds some clarification. This Answer should really be posted as an edit to my question, but when I originally posted it, I thought I had it working.
UPDATE: I think my answer is in my URLs above. My dev machine URLS both are using the same domain name, which in this case is localhost. I think if I alter my deployed websites to use the same domain, I will be OK. I'll post an update when I get it worked out.