abbymsmith
Posts: 23
|
| Posted: 04/05/2009, 9:15 AM |
|
Hello,
I have a project where all the pages are restricted, so that if a person tries to access a page before they have logged in they are first redirected to the login page. This has always worked just fine (simply by me setting up the security info in the project and marking the pages restricted).
About 2 weeks ago I upgraded my site to SSL -- so everything is now accessed via https instead of http. I have a .htaccess file in the root directory which automatically redirects traffic to https if the URL says http as follows:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I updated the Secure Server URL parameter (Project -- Settings --Server/Script) in my codecharge project to says https://www.mydomainname.com. I have re-published the entire project since doing this.
Everything works perfectly EXCEPT: if a user tries to access a page before they have logged in, instead of getting redirected to my login page (https://www.mydomainname.com/login.php) they get an error 404 page not found. I have determined that this is because, for some reason, codecharge is including the domain name in the redirect URL twice. For example, before, when the site was working, the redirect URL looked like:
http://www.mydomain.com/Login.php?ret_link=%2FAccessDen...&type=notLogged
Now it looks like:
https://www.mydomain.com/www.mydomain.com/Login.php?ret...&type=notLogged
(Note the domain is repeated twice). If I remove the second reference to the domain from the URL the login page then displays correctly, just as it used to.
I tried removing the Secure Server URL parameter to see if that was causing the issue, but the problem persisted. I also tried playing around with some of the 'Convert URL to...' properties on the pages, but haven't gotten anything to work.
Does anyone have any ideas about why this might be happening or how to fix it? Has anyone else ever faced this problem? I thought someone with more knowledge of how CodeCharge security actually works might have some insight. If I could just figure out why it's including the domain name twice when it didn't before, it seems I could fix the problem.
Thanks in advance for any help!
Abby
|
 |
 |
JimmyCrackedCorn
Posts: 583
|
| Posted: 04/05/2009, 11:32 PM |
|
I am having a similar problem but not using SSL.
My problem is when they try to access a restricted page before logging in they get redirected to login but even with correct login they then get redirected to my error page. But at that point they are actually logged in and can visit any restricted page after seeing the error page first.
I just in a support request today. Will report back what they say.
_________________
Walter Kempees...you are dearly missed. |
|
|
|
abbymsmith
Posts: 23
|
| Posted: 04/06/2009, 12:23 PM |
|
Hi Jimmy,
Actually, yes, I have that same problem too, so would be interested to hear what support has to say back to you about it. If no one else has encountered the situation I describe above I guess I may have to log a ticket with them as well.
Keep me posted.
|
|
|
|
|
