Having to go to the index / logging in twice.

Started by StarredSkies, June 26, 2018, 12:41:43 PM

Previous topic - Next topic

StarredSkies

On my website, beastsofbeyond.com, I have been having this issue recently where when you first go to our index, you must go through the index twice / log in twice to enter the website. I'm not sure if it's a cache, theme, link, or even a server setting. If I could receive some help or perhaps some possible solutions, that'd be great.

For a quick log-in example:
- Press the login button
- Put in the correct information
- Be routed back to the index as if nothing happened
- Log in again
- Logging in was successful this time

For a quick index example:
- Clicking on a board (such as General Discussion)
- Instead of going to the board, it will reroute you to the index again
- Click on the board again. This time it will send you to the board

Perhaps relevant, but I keep getting the error  rs_remember

Arantor

It's not a regular problem, something is causing it to redirect back to the home page. Probably a mod you've installed.

But since neither the theme nor SMF's copyright is displayed... I'm not sure any help is appropriate.

StarredSkies

Here's a list of mods I've been using!
1.   @mention members   1.1.2     
2.   SMF Staff Page   1.7     
3.   markItUp! for SMF   0.5.5     
4.   Current Signature Mod   1.2     
5.   More Genders   1.0.1     
6.   SMFShop   3.3.5     
7.   Stop Spammer   2.3.9     
8.   Posting Template SMFSimple   1.0.3     
9.   SubAccounts Mod   1.0.1     
10.   Yet Another Spoiler Mod   1.1     
11.   Ignore Topics   2.3     
12.   Referrals System   3.2     
13.   Drafts      
14.   Ultimate Profile   0.9.1     
15.   SA Affiliates   3.3.5.6     
16.   BBCode with style   1.5.1     
17.   Bookmarks   2.5 
18.   Yet Another YouTube BBCode Tag   4.12     
19.   Topics Created And Participated In   2.9

Also, upon further inspection, this only happens when users first get on the website. It seems linked to PHPSESSID. While I know that's in the SMF core, it does seem suspicious that this is happening all of the sudden.
For example:
Logging into https://beastsofbeyond.com/index.php?PHPSESSID=n8u251943rqkhqpnkn29uu7s72&board=28.0 will reroute you to the main page again, but logging in from there will let you log in.

Oh shoot! I didn't realize that was hidden by our new theme we recently implemented. It's on our dark theme correctly(just double checked), so let me fix that right now.

edit // Fixed. Clearing history/cache/cookies should fix the problem with the theme. Sorry about that.

Kindred

I suspect that part of your problem is that you are using https in SMF, but not forcing it in the URL...   

and it requires a twice-click to do anything -- the first, when accessing beastsofbeyond - instead of going to the location, bounces and reloads https://beastsofbeyond.com/index.php


So - it looks like you probably have a misconfigured htaccess file
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

GigaWatt

Both http and https versions load fine on Pale Moon 27.9.2 x64. I didn't have to click twice to get to any thread or post.

In any case, Kindred is right, you should have http to https redirects in your htaccess file.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

StarredSkies

#5
So, I took a look at my htaccess file.

Originally it was this:
php_value display_errors on

<IfModule mod_rewrite.c>

RewriteEngine On

#remove PHPSESSID

RewriteCond %{QUERY_STRING} PHPSESSID=.*$

RewriteRule .* %{REQUEST_URI}? [R=301,L]

</IfModule>

php_flag session.use_trans_sid off

php_flag session.use_only_cookies on


but I changed it to:
php_value display_errors on

php_flag session.use_trans_sid off

php_flag session.use_only_cookies on


Also tried to turn the 'On' to 'Off' to see if this would fix my problem.

Going to be honest, but I have no clue why that bit of code was there. Perhaps it was user error on my part or something I edited and completely forgot about. Even so, this did not fix the current problem with the htaccess file.

So I tried to force a redirect through CPanel using this method. Ultimately it failed and gave me this error:
QuoteThere was an error adding the redirect.
Redirecting "" to "https://beastsofbeyond.com/index.php" will cause a redirection loop because "http://beastsofbeyond.com/", which is located at "/home/beastsof/public_html/", is above "https://beastsofbeyond.com/index.php", which is located at "/home/beastsof/public_html/" .
Also tried adding it with the "Forcing a specific domain to use HTTPS" method, along with "Forcing all website traffic to use HTTPS". I used an alternative version for the redirect.

Here is the new htaccess code:
QuoteRewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

<IfModule mod_security.c>
    # Turn off mod_security filtering.  SMF is a big boy, it does not need its hands held.
    SecFilterEngine Off

    # The below probably isn't needed, but better safe than sorry.
    SecFilterScanPOST Off
</IfModule>

php_value display_errors on

php_flag session.use_trans_sid off

php_flag session.use_only_cookies on

Even with the redirects, I'm still getting the double click error. It honestly still seems like a problem with the PHPsession id. (See screenshots below. To explain, the error seems to be in the session ID, as it only shows up on the index when you first try to click on the board/log in. The second time it's removed.) PHPSESSID, though, doesn't seem to be a complete and total problem though... right?
Perhaps I didn't reroute my HTTPs correctly? Maybe it's not set up correctly? I apologize if I'm a bit foolish. I'm new to this, really.

GigaWatt

I'm still not getting the double click error in my browser. What I am getting is an unlocked padlock on the home page. Some URLs are probably not configured correctly, most probably some image URLs. Check if all URLs are using https with repair_settings.php. Also check your logo URL and other URLs in the admin menu that are not reported via repair_settings.php.

As for the redirects to https in htaccess, try this.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

StarredSkies

No problems within repair_settings.php, as all redirects/links were HTTPS. Checked my images. My logo is https://imgur, while my affiliates (minus one, which I then removed) were all https accordingly. All theme settings are also https URLs. So, there is no problem within those areas.

As for the redirect to https in htaccess, that code gave us an invalid redirect error when typing in beastsofbeyond.com.

The problem is still persisting somehow. It still seems to revolve around PHPSESSID sadly, but that's just my theory.

GigaWatt

OK, you might have fixed some URLs in the meantime, so I checked, all of the pages, including the Home page, load with a locked keypad now.

As for the double click problem... as I said, I can't replicate it on my browser... everything seems fine *shrug*.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

StarredSkies

Ah that is good.

Try clearing the history for the site, closing the browser, and reloading. This is what helps me replicate it over and over again.

GigaWatt

OK, I just tried it in VM with Crhome (I haven't visited your site in that VM, so basically, the browser is a clean slate as far as your site is concerned). I clicked and clicked and clicked, jumping from board to board, from thread to thread, I searched the site... I still can't replicate the double click problem you're experiencing.

Are you sure it's not just on your end? Have other members complained about this? If they have, what browsers and OSes are they using? I tried it in Pale Moon on Windows 7 x64 and in Chrome on Windows 8.1 x64 (in the VM). Is this happening on the default theme (Curve)?

The only problem I could find is this sting of numbers that appears at the top of the theme when opening a thread, but this is probably a theme bug and not related to this problem at all.

"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Kindred

I have not tried again after the changes, but I got the two click issue every time, myself.

Windows 10, Firefox, ie... not tried with chrome
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

GigaWatt

Now, I'm leaning toward a browser specific issue, since I didn't try it with Firefox (seeing how Chrome is the "de facto" standard browser these days, I usually test with Chrome).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

StarredSkies

Yes, other members have experienced this problem. I, myself, have tried this on Chrome (mobile and desktop)/Safari/Edge and have received the problem every time I have a clean slate. Honestly, it's a very frustrating(while minor) issue.

It could have to do with the sting numbers(which show up for no reason that I know of). I believe it's theme related though.

Though, I'm willing to try anything. If you have any other suggestions, go ahead and I'll try my best.

GigaWatt

Well, why don't we start by trying to find out where that particular sting is coming from... I doubt it's related to the double click problem, but, let's eliminate it as a possible culprit.

Could you upload your theme here? I don't know which one you're using and besides, some mod might have edited some of the files. Also, name the theme so that we can compare your files with the original ones (if the theme is free and available for download). A download URL to the theme would also be nice, if it's not a theme downloaded from SMF.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Sir Osis of Liver

I see it in IE11 and FF60.  Only happens once, after that all links work correctly until browser is closed/cleared, then it happens again, just once.  Doesn't happen in Reseller out-of-box.  What happens in Curve?
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

StarredSkies

Let's do that then.

Of course! You'll see my base theme linked down below(Reseller) and the curve theme is marked as default(which ironically does not work properly).

Tested with Curve. Same thing happens.





Sir Osis of Liver

Nothing wrong with theme, first login works every time in Reseller.

Quote from: Kindred on June 26, 2018, 02:47:11 PM
So - it looks like you probably have a misconfigured htaccess file
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

The8thHokage

Hey, Good times! I would like to place my 2 cents because I have had this issue myself. I believe the best course of action to troubleshoot a core problem is to run the repair_settings.php script, I know that it may say there are no problems, however I on a last ditch effort to get a theme to work, and to allow https I went a head and clicked on all of the recommended settings, this pretty much solved my problems, the directories I had was exactly the same but the letters were to be caps in them, and that did wonders. I realize that may not be the only issue, try to go to /index.php?theme=1 . This will take you to the core theme as long as its still installed on your server, then try to login using your credentials, if that doesn't fix it, I would see about your cookies, the SMFCookie is what holds the session and its data, I believe that if your settings for that checks out it may be a mod that is affecting the session. If you get that far and I would uninstall but not delete all of your mods, then try it, if that works then you now know its a mod that is causing this and the best course of action would be to install one at a time and login to see which mod this is. If that is not the case then it could be something to do with your apache or mysql server.

drewactual

are you on a shared server or dedicated? 

if it were me, and it isn't, but if it were- i'd remove the session's controls from the htaccess.... altogether... the default state of php.httpd/ini/ect is going to pass the torch to SMF without impeding it... i fear you may be creating an instance where the function introduced runs after the session has already been established, and destroying the already established session.  you can comment 'out' the entries in the htaccess to run some tests to see if this is a player in your issue, and if it isn't, remove the comments...

Advertisement: