Double URL problem after login | https in config.json gives session error
-
Hello, I got a problem.
I got the Double URL Problem and I find out my config.json URL was not right.
My website is https://keen.wtf and my config file is
"url": "http://keen.wtf",If I have this, It will give the Double URL problem when a person registers or log in.If I change it to
"url": "https://keen.wtf",I have a message"Session Mismatch
It looks like your login session is no longer active, or no longer matches with the server. Please refresh this page."I'm running nginx if it something has to do with it or you need me post some information, I will do if you need something.
What can I do?
-
This post is deleted!
-
Can somebody help me please?
Do I need to change something in the Nginx config, or what do I need to do?
-
Hi @MJ, two things:
-
The double URL issue is resolved in latest master, so if you want to update to it, it should no longer happen.
-
Your config.url should really be https, though, so if you post your nginx config, I can help debug.
-
-
@julian thank you, I go post nginx config just a minute
-
This is nginx.conf
user www-data; worker_processes 4; pid /run/nginx.pid; events { worker_connections 768; # multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; # gzip_vary on; # gzip_proxied any; # gzip_comp_level 6; # gzip_buffers 16 8k; # gzip_http_version 1.1; # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; ## # nginx-naxsi config ## # Uncomment it if you installed nginx-naxsi ## #include /etc/nginx/naxsi_core.rules; ## # nginx-passenger config ## # Uncomment it if you installed nginx-passenger ## #passenger_root /usr; #passenger_ruby /usr/bin/ruby; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # server { # listen localhost:110; # protocol pop3; # proxy on; # } # # server { # listen localhost:143; # protocol imap; # proxy on; # } #}
-
this is the file
nginx/sites-enabled/keen.wtf.confserver { listen 80; server_name keen.wtf; rewrite ^ https://$host$request_uri? permanent; } server { listen 80; listen 443 ssl; server_name keen.wtf; ssl_certificate /etc/letsencrypt/live/keen.wtf/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/keen.wtf/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot ssl_stapling on; ssl_stapling_verify on; add_header Strict-Transport-Security "max-age=31536000"; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:4567; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }
-
The nginx config looks to be without issue -- when you switch the
config.jsonurl to the https value, you say you get an error about a session mismatch.What happens when you try to clear your cookies?
-
-
Did change it to
"url": "https://keen.wtf",same error.Cleared cookies - same error
Other browser - same error
On the Phone - same error
-
Change the language to English so the error is in English. This I get when I try to login on phone (and other browsers).
-
Okay two things:
- Remove the
listen 80;from the https block, it is unneeded. - Add
proxy_set_header X-Forwarded-Proto $scheme;, it seems to be missing.
Then reload nginx and it should hopefully be gone.
- Remove the
-
@julian did this.
did reload nginx now gonna check
-
Not working, same error
/etc/nginx/sites-enabled/keen.wtf.confdoes look like this nowserver { proxy_set_header X-Forwarded-Proto $scheme; server_name keen.wtf; rewrite ^ https://$host$request_uri? permanent; } server { listen 80; listen 443 ssl; server_name keen.wtf; ssl_certificate /etc/letsencrypt/live/keen.wtf/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/keen.wtf/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot ssl_stapling on; ssl_stapling_verify on; add_header Strict-Transport-Security "max-age=31536000"; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:4567; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }
-
@MJ said in Double URL problem after login | https in config.json gives session error:
proxy_set_header X-Forwarded-Proto $scheme;
That should be in the location block I think, like this
location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:4567; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; }See here for sample nginx configs.
-
@baris I will do
-
Guys you helped me a lot
Thank you it's all fine now 
-
Great!
Enjoy your NodeBB!
