Support

Admin Tools

#13385 https sticks after using the only ssl enabled page

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Saturday, 25 August 2012 12:25 CDT

Saturday, 25 August 2012 08:12 CDT

DaveOzric
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Don't know where this is.
Have I searched the tickets before posting? Y
Have I read the documentation before posting (which pages?)? Yes, .htaccess, waf, seo and links
Joomla! version: (2.5.6)
PHP version: (5.2.13)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (2.3.2)

Description of my issue: I cannot figure out if AT is causing my issue but I have search Google and worked with my hosting company for a day now. I can only assume it may be this since it has some settings for https.

What happens is I have installed a ssl certificate and assigned 4 pages using the joomla menu items to be https. When you go to the site everythng is fine and http until you go to one of the assigned https page, then the rest of the site stay https until you close the browser and clear the cache and reopen. I see a bunch of setting in seo, .htaccess and waf but they and the instructions don't make sense to me. It looks to me like it's probably in the cutsom .htaccess I created but my domain is the same for both http and https. You can see why I am confused.

Thank you

Saturday, 25 August 2012 08:27 CDT

DaveOzric
Forgot. I did see another post with the opposite issue
Convert all links to HTTPS when site is accessed over SSL not working


AT system plugin was -200.I had joomla system cache on and disabled that, didn't see to make any difference. I did clear Joomla cache and browser cache.

Thanks

Saturday, 25 August 2012 11:42 CDT

DaveOzric
Sorry, I have changed it to make the whole site https for a file download to be https

Anyway, it is not forcing this to ssl like the above support case referenced. In other words if you type in the http url or find a link say on Google without it then it is not a https page until you click on a menu link.

Can this be done via the AT somehow. It is set in Joomla GC to force entire site. I have also set the Convert all links to HTTPS when site is accessed over SSL to yes.

Can this be done like the www to non www. I see settings in the .htaccess maker but can't quite wrap my head around this. The System configuration part both have my domain in the http and https entries. Do I need to delete the http entry?

I don't know about the CDN part either.

Saturday, 25 August 2012 11:55 CDT

nicholas
Hello Dave,

What you describe (HTTS "sticking" after visiting a page over SSL) is how Joomla! works. It has nothing to do with Admin Tools and it can't be worked around by Admin Tools. The only thing you can do is set all menu items to forcibly NOT use SSL (it's in the menu options) except those menu items you do want them to be viewed over SSL. Mind you, this is not a holistic approach. It is still possible that you end up viewing pages without an Itemid (not belonging to a menu item), therefore HTTPS would "stick" for them as well.

Again, please note that this Joomla! behaviour can not be worked around effectively in any way, including .htaccess rules and/or PHP code in an extension. At best you can achieve a half-solution.

In any case, I would propose putting all of your pages through HTTPS unless you have a very good reason not to. HTTPS increases the server load by less than 1% (which is peanuts). Serving login cookies over plain HTTP is insecure as there is a strong chance than someone can steal the cookie and spoof the logged in user. By making the site HTTPS only you effectively work around this kind of attack possibility. It is exactly why I have made this site HTTPS-only. The only drawbacks I can think to an HTTPS-only site is that some third party services, like Facebook and Twitter, may require special configuration in order not to throw errors. Moreover, some services like Disqus do not yet offer an HTTPS-ready implementation. That's the only show-stopper I can think which could lead someone who has already invested in an SSL certificate not using it site-wide.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 25 August 2012 12:01 CDT

DaveOzric
Thanks for that. As you can see I did change my mind and need to use it site wide. The force ssl in the global config does not work with bookmarks, Google results or just typing in the non https url.

How can I redirect to always go to the https version. .htaccess must have a way.

Thank you

Saturday, 25 August 2012 12:09 CDT

nicholas
Oops! I was typing my reply before receiving your last post :s You can do a mass force-HTTPS in the following way:
- In Joomla! Global Configuration set Force SSL to Entire Site
- Make sure all menus have Secure set to Ignore in their Metadata Options area
- In .htaccess Maker, "Custom .htaccess rules at the top of the file" add this:
RewriteCond %{HTTPS} ^off$ [NC,OR]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule .* https://www.example.com/$1 [R=301,L]

where www.example.com must be replaced with your site's domain name.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 25 August 2012 12:25 CDT

DaveOzric
You ROCK. The custom htaccess rule worked like a charm!

Thank you very much.

Saturday, 25 August 2012 12:25 CDT

nicholas
You're welcome, Dave :)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!