0

Our website is using Force SSL on all pages. There is a massive issue that whenever a HTTP url is requested, the session is lost and the user is logged out, even though they are still redirected to the HTTPS page.

This is really frustrating and I don't see why HTTPS sessions are lost just because an HTTP URL is requested and redirected to the HTTPS version. Any ideas?

Improve this question

1 Answer 1

Reset to default
1

Just found that this is a known issue as https redirection is done in the routing- after the session is instantiated - https://github.com/joomla/joomla-cms/issues/4960

A simple fix is to use https redirection in .htaccess

RewriteEngine On RewriteCond %{HTTPS} off RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.