Advertisement:

Author Topic: Unable to enable SSL cookies  (Read 726 times)

Offline MobileCS

  • Jr. Member
  • **
  • Posts: 161
Unable to enable SSL cookies
« on: January 15, 2018, 11:44:59 PM »
I've just converted my website to HTTPS and the option to enable SSL cookies is grey'd out. My settings file is writable.

Does SMF try to detect HTTPS before allowing that option to be set?

If so, it will not be detected on my site as I use Nginx in front of Apache and "proxypass" via HTTP. I do not have SSL enabled in Apache.

How can I manually bypass this restriction?

Offline MobileCS

  • Jr. Member
  • **
  • Posts: 161
Re: Unable to enable SSL cookies
« Reply #1 on: January 17, 2018, 11:40:41 AM »
Adding the following to Settings.php solved the issue.

$_SERVER['HTTPS'] = 'on';

Is this safe to use in my situation?

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 18,627
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • LexArma on GitHub
    • aleksi-kilpinen on LinkedIn
    • There's No Place Like 127.0.0.1
Re: Unable to enable SSL cookies
« Reply #2 on: January 17, 2018, 02:12:49 PM »
Those are actually really good questions, ones i'm unable to give a good answer to -
but you can check your current Cookies status easily if you use Chrome.

Chrome DevTools -> Application Panel -> Cookies, and see if your Cookie is set as secure.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.
  Fooling around with an i7 990X @ 3,47Ghz / 12Gb / Win 10 x64 / 3840x2160


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline MobileCS

  • Jr. Member
  • **
  • Posts: 161
Re: Unable to enable SSL cookies
« Reply #3 on: January 18, 2018, 10:02:43 PM »
The cookies are not secure right now.

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 18,627
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • LexArma on GitHub
    • aleksi-kilpinen on LinkedIn
    • There's No Place Like 127.0.0.1
Re: Unable to enable SSL cookies
« Reply #4 on: January 19, 2018, 08:26:38 AM »
This is an area where I feel I must repeat I am not very familiar with - but I did find more than a few websites that seem to deal with a similar situation through Nginx configuration.

I hope someone with more experience on the issue can help you further, but this seemed like a good starting point to me
https://geekflare.com/httponly-secure-cookie-nginx/
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.
  Fooling around with an i7 990X @ 3,47Ghz / 12Gb / Win 10 x64 / 3840x2160


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,639
    • StoryBB/StoryBB on GitHub
Re: Unable to enable SSL cookies
« Reply #5 on: January 19, 2018, 08:33:18 AM »
The problem is that SMF tries to detect if HTTPS is in use and it can't know that it is because of the proxy.

Assuming you don't allow traffic over HTTP and always redirect to HTTPS, what you've done in Settings.php should be safe.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline MobileCS

  • Jr. Member
  • **
  • Posts: 161
Re: Unable to enable SSL cookies
« Reply #6 on: January 19, 2018, 08:32:30 PM »
The problem is that SMF tries to detect if HTTPS is in use and it can't know that it is because of the proxy.

Assuming you don't allow traffic over HTTP and always redirect to HTTPS, what you've done in Settings.php should be safe.

Thank you!

Yes, I have Nginx set to redirect all traffic to HTTPS.

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 18,627
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • LexArma on GitHub
    • aleksi-kilpinen on LinkedIn
    • There's No Place Like 127.0.0.1
Re: Unable to enable SSL cookies
« Reply #7 on: January 24, 2018, 03:11:53 PM »
Is this solved then? :)
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.
  Fooling around with an i7 990X @ 3,47Ghz / 12Gb / Win 10 x64 / 3840x2160


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas