Switch from https to http after login
- viewofheaven
- OFFLINE
-
New Member
- Posts: 18
- Thanks: 0
- Karma: 0
CB_Login's https setting doesn't seem to work, or I don't seem to understand what it is supposed to do.
The options are:
Option 1: Same as page (default)
Option 2: Use https for posting login and then same
Option 3: Use https (encrypted) for login and after login
Option 2... Is the https here not encrypted, as opposed to Option 3's? What is the meaning of "same"? Revert back to http, if the page browsed was http? "Same" as the "same" also in option 1? In contrast to Option 3, I would guess that users send passwords through https, but is bumped back to http after having successfully logged in. Unfortunately, that's not how it works!?
Option 3... This ones seems intuitive, and works as advertised. But given how Option 2 has "not quite worked", I have a nagging fear that Option 3 only "worked by accident, not by design". I'm worried I'm missing some security loopholes in using Option 3.
Is there an option where users are redirected back to http after logout?
Can someone tell me how this works before I dig into the code? Is the CBSubs and other paid packages having the same quality? I wish I can just buy CBSub and hit the ground running, but I'm afraid.
Please Log in to join the conversation.
- viewofheaven
- OFFLINE
-
New Member
- Posts: 18
- Thanks: 0
- Karma: 0
Login Redirection URL isn't working, no matter what I put in (absolute or relative).
I've since found Frontend User Access. If I still don't get a reply here, I'll hack CB_Login and move on. Sigh.
Please Log in to join the conversation.
krileon
Team Member- OFFLINE
- Posts: 68537
- Thanks: 9093
- Karma: 1434
This performs the login POST in HTTPS then redirects the user back to HTTP (can't make a POST to HTTP without cross content errors). This appears to be working as expected. The end user won't notice anything happening, but their data (username/password) is being passed to your site securely and they're then sent back as their previous usage. For example if they were browsing in HTTP they will be sent back to HTTP after login. If you've Firebug for Firefox and review the Net tab setting it to persist you should notice on login that the post is in HTTPS.Option 2... Is the https here not encrypted, as opposed to Option 3's? What is the meaning of "same"? Revert back to http, if the page browsed was http? "Same" as the "same" also in option 1? In contrast to Option 3, I would guess that users send passwords through https, but is bumped back to http after having successfully logged in. Unfortunately, that's not how it works!?
This is working exactly as designed.Option 3... This ones seems intuitive, and works as advertised. But given how Option 2 has "not quite worked", I have a nagging fear that Option 3 only "worked by accident, not by design". I'm worried I'm missing some security loopholes in using Option 3.
Please ensure CB login module is being used. Please also is in the format as seen in the below (relative and non-sef). Please also check if you've a first time login redirect configured in CB > Configuration > Registration as this would take affect for first time login which would override your modules login redirect. If you've multiple login modules please ensure you're using the module configured with the redirect.Login Redirection URL isn't working, no matter what I put in (absolute or relative).
index.php?option=com_comprofiler
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
- viewofheaven
- OFFLINE
-
New Member
- Posts: 18
- Thanks: 0
- Karma: 0
No, it isn't working as expected. But I fixed it. CB v1.7.krileon wrote:
This performs the login POST in HTTPS then redirects the user back to HTTP (can't make a POST to HTTP without cross content errors). This appears to be working as expected.Option 2... Is the https here not encrypted, as opposed to Option 3's? What is the meaning of "same"? Revert back to http, if the page browsed was http? "Same" as the "same" also in option 1? In contrast to Option 3, I would guess that users send passwords through https, but is bumped back to http after having successfully logged in. Unfortunately, that's not how it works!?
Yes, this one does work as expected.krileon wrote:
This is working exactly as designed.Option 3... This ones seems intuitive, and works as advertised. But given how Option 2 has "not quite worked", I have a nagging fear that Option 3 only "worked by accident, not by design". I'm worried I'm missing some security loopholes in using Option 3.
It's SEF-related. But I fixed it too.krileon wrote:
Please ensure CB login module is being used. Please also is in the format as seen in the below (relative and non-sef).Login Redirection URL isn't working, no matter what I put in (absolute or relative).
Please Log in to join the conversation.
- kiteplans
- OFFLINE
-
Banned
- Posts: 16
- Thanks: 5
- Karma: 0
Please Log in to join the conversation.
-
You are here:
- Home
- Forums
- Community Discussions
- Community Builder
- Potential Bug
- Switch from https to http after login