ForumGarden

Anyone notice that the home page is broken over https://? For example:

https://www.forumgarden.com/

The problem are these lines:





It doesn't look like yahooapis serves these over https, so they will be blocked if not. To fix, the scripts probably could to be downloaded to a local folder, and served directly from the forum site through https.

I also notice the site is hopping between http and https. This can cause session and login issues since, cookies won't be shared across the two protocols. I'd recommend serving everything through https only.

Would that fix these login and refreshing issues?

Yeah, it might help. There could be more than one issue too.

I did just check the login URL and it is on https (which is correct). So that much looks good.

Mixing http and https can easily cause session issues. From the perspective of the browser, http and https are two completely separate websites. The safest route is to run everything on https, then only use http to redirect straight to the https url.

Are SSL certificates worth it?

Yeah, overall they are good.

On the practical level, there's probably little risk of running this forum without a cert. Since there's little or no sensitive data ever posted on the site (no one posts credit card or financial information).

Though longer term, browsers and search engines are starting to penalize sites if they don't have a cert. Everything is moving towards https, as a standard. Chrome is going to start displaying warnings on sites without it.

Yeah I just ran into a login issue. The http:// and https:// mismatch is what's causing the login/session issue.

The cookie is saved under the https url, then the "home" link routes back to the http url. These are two different sites as far as the browser is concerned. So the cookie is ignored, and the session is lost on http. The whole site needs to be either all http or all https, but it should not mix the two protocols.

Perhaps spot or Bryn will have occasion to stop by and fix the issue now that it's been diagnosed.

Ahso!;1521115 wrote: Perhaps spot or Bryn will have occasion to stop by and fix the issue now that it's been diagnosed.


I'd love to but ... I'll have a word with Spot and see if he can do the honours BTW, thanks for taking the time to look into it

I can't seem to figure out how to post pics anymore. I click on manage attachments and nothing happens..

yaaarrrgg;1521076 wrote: The problem are these lines:








I'm back in England. I was away, I'm now back.

I'll take a week to plan a migration, I do know we have a collection of issues which have to be cleaned up and a fresh server with a current version of vBulletin is what's needed. I've tried three times, though not recently, to migrate, and failed on details. I have my notes, I've a far better idea of what's needed, and I now have enough time to push it to completion.

I'll try to post enough information to show what's coming up and when it will cause disruption, it's definitely going to take the site offline for a day eventually.