My login doesn't last, and site is still unsafe.

Announcements about changes to the forums will be posted here. Also for suggestions and requests for technical assistance, etc.
Forum rules
Please read the Forum rules and policies before posting. You may Image to help finance the hosting costs of this forum.
Post Reply
User avatar
Gambit37
Should eat more pies
Posts: 13844
Joined: Wed May 31, 2000 1:57 pm
Location: Location, Location
Contact:

My login doesn't last, and site is still unsafe.

Post by Gambit37 »

Things are still weird here regarding logins and security:
  • Recently, I've had to login again every day. It seems like the login cookie is not persisting.
  • Chrome frequently blocks me from entering the site with its standard "Site is unsafe" warning page. I have to click through the Advanced button on that page to get to the site.
I think there's something wrong with the site's certificate and/or the way the secure and unsecure web addresses are linked. This stuff was always confusing to me when I used to admin the site, but I don't recall such problems on the host we used years ago. I wonder if there's something misconfigured with the current host? Anything I can do to help with that?
User avatar
Ameena
Wordweaver, Murafu Maker
Posts: 7638
Joined: Mon Mar 24, 2003 6:25 pm
Location: Here, where I am sitting!
Contact:

Re: My login doesn't last, and site is still unsafe.

Post by Ameena »

For the record, I'm not having any issues here - it keeps me logged in and I get no error messages? Maybe it's a browser thing? I use Firefox.
______________________________________________
Ameena, self-declared Wordweaver, Beastmaker, Thoughtbringer, and great smegger of dungeon editing!
User avatar
Gambit37
Should eat more pies
Posts: 13844
Joined: Wed May 31, 2000 1:57 pm
Location: Location, Location
Contact:

Re: My login doesn't last, and site is still unsafe.

Post by Gambit37 »

I'll try another browser for a while and see if that makes a difference. Chrome is normally pretty reliable, but I think its security filters black marked the site a long time ago. Maybe. Who knows!
User avatar
ChristopheF
Encyclopedist
Posts: 1729
Joined: Sun Oct 24, 1999 2:36 pm
Location: France
Contact:

Re: My login doesn't last, and site is still unsafe.

Post by ChristopheF »

I don't have any issue either. I mostly use Edge (though I have Chrome, Brave & Firefox).
I just quickly checked in Chrome, I don't have any warning message.

The site uses apache2 configured to listen on both http 80 & https 443. There is an automatic redirection from http to https for any URL configured in .htaccess at the root of the site with these 2 rules:

Code: Select all

# Redirection http://dungeon-master.com or http://www.dungeon-master.com -> https://www.dungeon-master.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(?:www\.)?dungeon-master\.com(?:.*)$ [nc]
RewriteRule ^(.*)$ https://www.dungeon-master.com%{REQUEST_URI} [redirect=301,L]

# Redirection http://dungeon-master.com or https://dungeon-master.com -> https://www.dungeon-master.com
RewriteEngine On
RewriteCond %{HTTP_HOST} ^dungeon-master\.com(?:.*)$ [nc]
RewriteRule ^(.*)$ https://www.dungeon-master.com%{REQUEST_URI} [redirect=301,L]
I use certbot to automatically enroll & renew the SSL certificate from Let's Encrypt.

Can you try with "private browsing" mode of Chrome?
Can you try to deleting all cookies for both dungeon-master.com & www.dungeon-master.com, and try again?
Can you try other browsers?
Maybe you have one extension in Chrome that would interfere? Like any antivirus or security/filtering/parental control tools. You can try disabling all your extensions to check if it works better.
Can you post screenshots of the error messages that you get ?
User avatar
Gambit37
Should eat more pies
Posts: 13844
Joined: Wed May 31, 2000 1:57 pm
Location: Location, Location
Contact:

Re: My login doesn't last, and site is still unsafe.

Post by Gambit37 »

I checked the cookies for the site, and three exist while logged in. As soon as I close the tab and return to the site, when I check the cookies they have been deleted. I suspect Chrome is deleting them silently because it still thinks the site is unsafe.

I've added the domain into Chrome's "Always allow cookies" settings and it seems to now remember that I'm logged in at least. I've not seen the browser "unsafe" warning for a while, I'll keep an eye on that.

EDIT: Well, that didn't work. Chrome deleted the cookies again. Sigh. I don't really want to use a different browser just for one site. I'll see if I can get to the bottom of this.
Screenshot 2026-07-07 at 10.42.16.png
User avatar
ChristopheF
Encyclopedist
Posts: 1729
Joined: Sun Oct 24, 1999 2:36 pm
Location: France
Contact:

Re: My login doesn't last, and site is still unsafe.

Post by ChristopheF »

Your screenshot shows an option for third-party cookies. The forum does not use third-party cookies, so this option should make no difference.
Testing with other browsers might help you locate the issue.
If you get the same behavior with other browsers, then you may have some external app that filters cookies (a security/privacy tool).
If the issue is only in chrome, this might be caused by a custom configuration setting (you may try restoring default settings https://support.google.com/chrome/answer/3296214?hl=en ), or an extension (you may try disabling them all).
Good luck!
Post Reply