- Recently, I've had to login again every day. It seems like the login cookie is not persisting.
- Chrome frequently blocks me from entering the site with its standard "Site is unsafe" warning page. I have to click through the Advanced button on that page to get to the site.
My login doesn't last, and site is still unsafe.
Forum rules
Please read the Forum rules and policies before posting. You may
to help finance the hosting costs of this forum.
Please read the Forum rules and policies before posting. You may
to help finance the hosting costs of this forum.
- Gambit37
- Should eat more pies
- Posts: 13844
- Joined: Wed May 31, 2000 1:57 pm
- Location: Location, Location
- Contact:
My login doesn't last, and site is still unsafe.
Things are still weird here regarding logins and security:
- Ameena
- Wordweaver, Murafu Maker
- Posts: 7641
- Joined: Mon Mar 24, 2003 6:25 pm
- Location: Here, where I am sitting!
- Contact:
Re: My login doesn't last, and site is still unsafe.
For the record, I'm not having any issues here - it keeps me logged in and I get no error messages? Maybe it's a browser thing? I use Firefox.
______________________________________________
Ameena, self-declared Wordweaver, Beastmaker, Thoughtbringer, and great smegger of dungeon editing!
Ameena, self-declared Wordweaver, Beastmaker, Thoughtbringer, and great smegger of dungeon editing!
- Gambit37
- Should eat more pies
- Posts: 13844
- Joined: Wed May 31, 2000 1:57 pm
- Location: Location, Location
- Contact:
Re: My login doesn't last, and site is still unsafe.
I'll try another browser for a while and see if that makes a difference. Chrome is normally pretty reliable, but I think its security filters black marked the site a long time ago. Maybe. Who knows!
- ChristopheF
- Encyclopedist
- Posts: 1742
- Joined: Sun Oct 24, 1999 2:36 pm
- Location: France
- Contact:
Re: My login doesn't last, and site is still unsafe.
I don't have any issue either. I mostly use Edge (though I have Chrome, Brave & Firefox).
I just quickly checked in Chrome, I don't have any warning message.
The site uses apache2 configured to listen on both http 80 & https 443. There is an automatic redirection from http to https for any URL configured in .htaccess at the root of the site with these 2 rules:
I use certbot to automatically enroll & renew the SSL certificate from Let's Encrypt.
Can you try with "private browsing" mode of Chrome?
Can you try to deleting all cookies for both dungeon-master.com & www.dungeon-master.com, and try again?
Can you try other browsers?
Maybe you have one extension in Chrome that would interfere? Like any antivirus or security/filtering/parental control tools. You can try disabling all your extensions to check if it works better.
Can you post screenshots of the error messages that you get ?
I just quickly checked in Chrome, I don't have any warning message.
The site uses apache2 configured to listen on both http 80 & https 443. There is an automatic redirection from http to https for any URL configured in .htaccess at the root of the site with these 2 rules:
Code: Select all
# Redirection http://dungeon-master.com or http://www.dungeon-master.com -> https://www.dungeon-master.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(?:www\.)?dungeon-master\.com(?:.*)$ [nc]
RewriteRule ^(.*)$ https://www.dungeon-master.com%{REQUEST_URI} [redirect=301,L]
# Redirection http://dungeon-master.com or https://dungeon-master.com -> https://www.dungeon-master.com
RewriteEngine On
RewriteCond %{HTTP_HOST} ^dungeon-master\.com(?:.*)$ [nc]
RewriteRule ^(.*)$ https://www.dungeon-master.com%{REQUEST_URI} [redirect=301,L]Can you try with "private browsing" mode of Chrome?
Can you try to deleting all cookies for both dungeon-master.com & www.dungeon-master.com, and try again?
Can you try other browsers?
Maybe you have one extension in Chrome that would interfere? Like any antivirus or security/filtering/parental control tools. You can try disabling all your extensions to check if it works better.
Can you post screenshots of the error messages that you get ?
Christophe - Dungeon Master Encyclopaedia
- Gambit37
- Should eat more pies
- Posts: 13844
- Joined: Wed May 31, 2000 1:57 pm
- Location: Location, Location
- Contact:
Re: My login doesn't last, and site is still unsafe.
I checked the cookies for the site, and three exist while logged in. As soon as I close the tab and return to the site, when I check the cookies they have been deleted. I suspect Chrome is deleting them silently because it still thinks the site is unsafe.
I've added the domain into Chrome's "Always allow cookies" settings and it seems to now remember that I'm logged in at least. I've not seen the browser "unsafe" warning for a while, I'll keep an eye on that.
EDIT: Well, that didn't work. Chrome deleted the cookies again. Sigh. I don't really want to use a different browser just for one site. I'll see if I can get to the bottom of this.
I've added the domain into Chrome's "Always allow cookies" settings and it seems to now remember that I'm logged in at least. I've not seen the browser "unsafe" warning for a while, I'll keep an eye on that.
EDIT: Well, that didn't work. Chrome deleted the cookies again. Sigh. I don't really want to use a different browser just for one site. I'll see if I can get to the bottom of this.
- ChristopheF
- Encyclopedist
- Posts: 1742
- Joined: Sun Oct 24, 1999 2:36 pm
- Location: France
- Contact:
Re: My login doesn't last, and site is still unsafe.
Your screenshot shows an option for third-party cookies. The forum does not use third-party cookies, so this option should make no difference.
Testing with other browsers might help you locate the issue.
If you get the same behavior with other browsers, then you may have some external app that filters cookies (a security/privacy tool).
If the issue is only in chrome, this might be caused by a custom configuration setting (you may try restoring default settings https://support.google.com/chrome/answer/3296214?hl=en ), or an extension (you may try disabling them all).
Good luck!
Testing with other browsers might help you locate the issue.
If you get the same behavior with other browsers, then you may have some external app that filters cookies (a security/privacy tool).
If the issue is only in chrome, this might be caused by a custom configuration setting (you may try restoring default settings https://support.google.com/chrome/answer/3296214?hl=en ), or an extension (you may try disabling them all).
Good luck!
Christophe - Dungeon Master Encyclopaedia
- Ameena
- Wordweaver, Murafu Maker
- Posts: 7641
- Joined: Mon Mar 24, 2003 6:25 pm
- Location: Here, where I am sitting!
- Contact:
Re: My login doesn't last, and site is still unsafe.
Hey, so an update on this from my end - when I went to access the forum just now, I noticed I wasn't logged in (normally I'm perma-logged-in), and when clicking the Username and Password boxes it had a little pop-up thing under them saying the connection wasn't secure. I was still able to log in just fine (on the second attempt, as I couldn't remember my password at first
), but just thought I'd let you know.
______________________________________________
Ameena, self-declared Wordweaver, Beastmaker, Thoughtbringer, and great smegger of dungeon editing!
Ameena, self-declared Wordweaver, Beastmaker, Thoughtbringer, and great smegger of dungeon editing!
- ChristopheF
- Encyclopedist
- Posts: 1742
- Joined: Sun Oct 24, 1999 2:36 pm
- Location: France
- Contact:
Re: My login doesn't last, and site is still unsafe.
The hosting company made a critical server update yesterday and there was some down time.
After that I also had to reconnect to the forum. No issue since them when coming back here. So I guess this only was transient issue, but please report here again if the same issue occurs again.
After that I also had to reconnect to the forum. No issue since them when coming back here. So I guess this only was transient issue, but please report here again if the same issue occurs again.
Christophe - Dungeon Master Encyclopaedia
- Ameena
- Wordweaver, Murafu Maker
- Posts: 7641
- Joined: Mon Mar 24, 2003 6:25 pm
- Location: Here, where I am sitting!
- Contact:
Re: My login doesn't last, and site is still unsafe.
Just did again today, yes - went to forum, found I was logged out, had to log in and the username/password things had a little pop-up below them saying the site is unsafe/my info is not secure.
______________________________________________
Ameena, self-declared Wordweaver, Beastmaker, Thoughtbringer, and great smegger of dungeon editing!
Ameena, self-declared Wordweaver, Beastmaker, Thoughtbringer, and great smegger of dungeon editing!
- ChristopheF
- Encyclopedist
- Posts: 1742
- Joined: Sun Oct 24, 1999 2:36 pm
- Location: France
- Contact:
Re: My login doesn't last, and site is still unsafe.
OK.. I wonder what is going on, as I don't experience this issue. You use Firefox, right ?
Christophe - Dungeon Master Encyclopaedia
- ChristopheF
- Encyclopedist
- Posts: 1742
- Joined: Sun Oct 24, 1999 2:36 pm
- Location: France
- Contact:
Re: My login doesn't last, and site is still unsafe.
In order to troubleshoot this, if you can reproduce this issue, then please:
- Take a screenshot of the messages you see
- Please check the exact URL that is being used: does it start with http or https ? (you may need to click in the address bar as some browsers hide this by default)
- If using https, then please click the padlock icon on the left of the URL and check what certificate you get (please take a screenshot too)
- Please ensure that you do have cookies in your browser for dungeon-master.com. If you don't have cookies, there is no persistent session and you must login again.
- Take a screenshot of the messages you see
- Please check the exact URL that is being used: does it start with http or https ? (you may need to click in the address bar as some browsers hide this by default)
- If using https, then please click the padlock icon on the left of the URL and check what certificate you get (please take a screenshot too)
- Please ensure that you do have cookies in your browser for dungeon-master.com. If you don't have cookies, there is no persistent session and you must login again.
Christophe - Dungeon Master Encyclopaedia
- ChristopheF
- Encyclopedist
- Posts: 1742
- Joined: Sun Oct 24, 1999 2:36 pm
- Location: France
- Contact:
Re: My login doesn't last, and site is still unsafe.
I think I nailed it!
The http to https redirection was only working at the root of the site for URLs http://www.dungeon-master.com/ or http://dungeon-master.com/ but was not working anymore for URLs like http://www.dungeon-master.com/forum/* since one of the last phpbb updates I made some time ago (can't say which one) because of conflicting .htaccess files.
I guess you are still using old bookmarks or links that specify http instead of https, and these were not properly redirected to use https. That is why your browser would display the warning message about being unsecure. If you came here with http, you had issues. If you came with https all was fine. I suppose the cookie issues were not the cause but instead the consequence of using http.
I have fixed the redirection issue (I hope 100% this time) so please report again if you still have issues.
The http to https redirection was only working at the root of the site for URLs http://www.dungeon-master.com/ or http://dungeon-master.com/ but was not working anymore for URLs like http://www.dungeon-master.com/forum/* since one of the last phpbb updates I made some time ago (can't say which one) because of conflicting .htaccess files.
I guess you are still using old bookmarks or links that specify http instead of https, and these were not properly redirected to use https. That is why your browser would display the warning message about being unsecure. If you came here with http, you had issues. If you came with https all was fine. I suppose the cookie issues were not the cause but instead the consequence of using http.
I have fixed the redirection issue (I hope 100% this time) so please report again if you still have issues.
Christophe - Dungeon Master Encyclopaedia