New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Logins redirect to Membership Options Page when site-wide SSL in use #1009
Comments
Noting that I have NOT reproduced this issue myself yet. I wanted to file this report immediately as I have seen these exact same symptoms at least a dozen times. I'm marking this as |
Force non-SSL login off by default. See: #1009
Force non-SSL login off by default. See: #1009
Next Release Changelog:
|
@raamdev This has been completed. Please review and close if you are satisfied with the changelog above. |
This also takes care of #977. |
@jaswsinc writes...
Hmmm, my first thought when I read that was to wonder if "Force SSL" plugins that might be in use out there would still cause the original problem (Login Welcome Page being redirected to Membership Options Page). If those plugins don't change the Here's a list of SSL plugins in the WordPress Plugin Directory, and here's one with 60,000+ active installs. We should review the source code of a few of those plugins to see if the above fix is going to be sufficient. @KTS915 writes...
Thanks for the heads up! :-) I've closed that issue in favor of this one. |
Updating changelog to the following. A last-minute update to the work completed previously improves this further by also looking at the
|
@raamdev writes...
Plugins like those are forcing SSL to begin with. If you log into the site over SSL (i.e., a plugin like one of those forces SSL), then whenever you log into the site you are already on the Compatibility should be improved in this regard now, because now the default behavior in s2Member is simply to use the default WordPress behavior (i.e., keep the same protocol that you are logging in with. Starting with the next release, the only time s2Member will force a change in protocol when redirecting, is when the following conditions are true.
I do understand what you're saying though. A way of this going wrong is to install a force SSL plugin and also meet the above criteria for a redirection protocol change in s2Member. However, I'm not seeing any way to reliably detect this (more than we already are) across a variety of plugins that force SSL. We would need to do an integration with each plugin for it to work 100% in all cases without issue. Also, the risk of this happening seems very low to me. If you're using a force SSL plugin, then you are likely not using In scenarios where this does become an issue, the filter we expose can be used to gain more control over this behavior and dictate when/if <?php
add_filter('ws_plugin__s2member_login_redirection_always_http', '__return_true');
// OR add_filter('ws_plugin__s2member_login_redirection_always_http', '__return_false'); |
@jaswsinc @raamdev Confirmed working in s2Member v161117-RC. The option no longer appears in the panel and login redirection happens correctly for the respective site configurations. Setting the |
s2Member v161129 has been released and includes changes from this GitHub Issue. See the v161129 announcement for further details. This issue will now be locked to further updates. If you have something to add related to this GitHub Issue, please open a new GitHub Issue and reference this one (#1009). |
We have had several reports of an issue where users would incorrectly be redirected to the Membership Options Page when logging in, instead of being redirected to the Login Welcome Page as would be expected. I have seen many reports like this over the past several months, but I always chocked them up to a plugin conflict, that is until I saw these two posts on the forums:
Those indicate that the default s2Member configuration causes this mysterious redirect problem when a site is configured to use SSL. The reports vary with how the sites are configured to use site-wide SSL, but my feeling is that this issue is big enough and widespread enough that it deserves attention.
With SSL on the rise, I don't see any reason s2Member should be forcing non-SSL redirects and I propose we change this default to "No, do NOT modify". I also propose that we force this change with the next release and update this option to "No, do NOT modify".
The text was updated successfully, but these errors were encountered: