3

I've been using Magento shop on an unsecured host for almost a month. I recently setup a secure host(SSL) and directed it to point to same directory as used for unsecured host. But to my surprise, when i try to login to admin panel using secure url, it redirects me to the unsecured one.

I have changed secure_base_url in core_... table, as well as cleared the caches, but its still not working.

Whats happenning ?

Thanks in advance for the help...

benmarks
  • 16,675
  • 4
  • 41
  • 108
Nitin Bansal
  • 163
  • 1
  • 6
  • Go to: http://programmers.stackexchange.com/ for you question. As seen in: http://stackoverflow.com/questions/7145920/magento-store-url-does-not-redirect-to-secure-base-url –  Mar 26 '13 at 09:30
  • thnx.....posted on magento.stackexchage.... – Nitin Bansal Mar 26 '13 at 09:55
  • 1
    Drop a conditional exit() in your index.php file, access it via HTTPS and see if you are redirected. That will at least rule out the webserver config. – benmarks May 10 '13 at 12:03

1 Answers1

5

The redirection back to the login page (with no error) usually means that the session cookie saved was by the wrong domain path.

Try setting your Cookie Domain and make sure that HTTP Only is disabled in Magento.

Do the following:

  1. Go to System > Configuration > Web
  2. Expand Session Cookie Management
  3. Set the following:
    Cookie Path: /
    Cookie Domain: yoursite.com
    Use HTTP Only: No
  4. Save the configuration.

After making configuration changes, flush your Magento Cache, clear your browser cache/cookies and try logging in again.

Axel
  • 630
  • 3
  • 12
  • Note: Disabling HttpOnly is counter productive to some browsers as it disables security on cross-site scripting (XSS) flaws: https://www.owasp.org/index.php/HttpOnly#What_is_HttpOnly.3F – B00MER Feb 17 '16 at 10:54