SSL issue "when Force SSL for all site pages" is disabled

[cesaremarasco]

Hi,
I published locally nopcommerce and i deployed it on IIS (ever locally) with self signed certificate and fake domain name mapped on the host file to 127.0.0.1. After i configured nop with
Force SSL for all site pages = false.

In this situation after login and after redirection in home page, isn't diplayed "Administration" link on top of page anymore and seams that i not logged in, but i was.

Please can you check this scenario.

[AndreiMaz]

Please see #2834

[guy-shahine]

@AndreiMaz I'm probably missing something. Your referred work item states that NopCommerce 4.0 forces SSL everywhere but I'm not seeing this behavior. I'm actually facing an opposite behavior where my site https://soutoujewelry.com redirects to http://soutoujewelry.com and after a user logs in, it looks like they haven't logged in. If I click on my account then it redirects to https site and all login attributes are reflected.

I thought it was a caching issue but I tried different browsers and it still redirects home page from HTTPS to HTTP. I feel like it's a misconfiguration that I can't figure out. I changed the store default URL to HTTPS so I started getting too many redirects. Before I write my own wildcard redirect rule, I was wondering if there is a setting that I need to flip.

Thanks

[AndreiMaz]

@chlela you have to enable "Force SSL for all site pages" for the entire site now

[guy-shahine]

I have enabled it in Admin->Configuration->General Settings and I made sure the key in all settings “securitysettings.forcesslforallpages” is set to True. Still the same behavior. I restarted my application in Azure and I’m suspecting it’s a caching issue

[guy-shahine]

It was indeed a caching issue. After clearing the cache and restarting the application inside NopCommerce, SSL is enforced on all pages and login issue is fixed. Thanks