Cookie sessions differ on root/home to the rest of the site
Permalink
I have odd issues with a difference between the Home page of an HTTPS site and the rest of the pages.
This is a C5 8.5.1 site.
I have developed my own bootstrap 4 based theme; where the Home page uses a different template than the rest of the site, but there is no difference in the header.
Each header contains this tag:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
But I don't think that causes the session issue that I have.
Every time I visit the Homepage, it looks like as if I'm not logged in;
but when i continue to click other pages, the toolbar appears and I can get into the Dashboard, so my login session works on the rest of the site.
What might this be?
All cookies are set to the Root path, so they should always work?
The server that the website is on won't allow me to turn index.php off but I do not think that can be the issue either.
Please help!
This is a C5 8.5.1 site.
I have developed my own bootstrap 4 based theme; where the Home page uses a different template than the rest of the site, but there is no difference in the header.
Each header contains this tag:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
But I don't think that causes the session issue that I have.
Every time I visit the Homepage, it looks like as if I'm not logged in;
but when i continue to click other pages, the toolbar appears and I can get into the Dashboard, so my login session works on the rest of the site.
What might this be?
All cookies are set to the Root path, so they should always work?
The server that the website is on won't allow me to turn index.php off but I do not think that can be the issue either.
Please help!
The problems were not with the server and/or pretty URL's - the problem was an htaccess issue.
It turned out that whenever anyone would type in the domain of the site in the address bar, it would automatically flip to the non-www domain, but if you click on any of the links it would take you to the WWW-version.
So the solution is to combine htaccess rules that make the domain ALWAYS redirect to both the https site AND add www to it.