Forums

WordPress › Support » Plugins and Hacks

Theme My Login
redirects to insecure location even when force_ssl specified (3 posts)

  1. datapharmer
    Member
    Posted 1 year ago #

    When the login cookie must be reauthenticated users are sent to http://domain.com/subsite/login/?redirect_to=https%3A%2F%2Fdomain.com%2Fsubsite%2Fwp-admin%2F&reauth=1

    This results in users being required to enter their information twice, once in an insecure fashion!

    Instead, the generated uri should be https://domain.com/subsite/login/?redirect_to=https%3A%2F%2Fdomain.com%2Fsubsite%2Fwp-admin%2F&reauth=1

    Not sure if this is due to theme my login or the domain mapping plugin, but any help tracking it down would be appreciated.

  2. Jeff Farthing
    Member
    Posted 1 year ago #

    You can start by disabling the other plugin and note if it still happens.

  3. datapharmer
    Member
    Posted 1 year ago #

    Unfortunately, that isn't very realistic as it would break all of the websites since it would disable domain mapping and everyone visiting the sites would get a 404.... That said I am in the process of setting up a non-production environment and will test this combo in it to narrow things down.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags