Richard1967 Posted April 20, 2017 Share Posted April 20, 2017 (edited) Hi All Has anyone else had this issue with v6.1.6 Unable to login after upgrade changed the url like before (Security Alert: Possible Cross-Site Request Forgery (CSRF) or browser back button used) tried closing the browser tried different browser but still unable to login Edited April 20, 2017 by Richard1967 Quote Link to comment Share on other sites More sharing options...
ayz1 Posted April 20, 2017 Share Posted April 20, 2017 Try adding https://www.at the front of the admin URL Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted April 20, 2017 Share Posted April 20, 2017 Thats right. If SSL is enabled CubeCart will set secure session cookie so the admin login won't work under standard HTTP page loads. Quote Link to comment Share on other sites More sharing options...
bsmither Posted April 21, 2017 Share Posted April 21, 2017 So, better get the SSL working before switching it on? And is it the case that moving a site will require that SSL be switched off prior to the move? Like in CC3/4? Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted April 21, 2017 Share Posted April 21, 2017 2 hours ago, bsmither said: So, better get the SSL working before switching it on? You should always install an SSL and validate it is working correctly before enabling it in any application. We enable HSTS on all our servers anyway which negates this issue - if an account has SSL installed, then it is only possible to connect via a secure connection Ian Quote Link to comment Share on other sites More sharing options...
ayz1 Posted April 21, 2017 Share Posted April 21, 2017 2 hours ago, bsmither said: And is it the case that moving a site will require that SSL be switched off prior to the move? Like in CC3/4? I tried copying a 6.0.0 site to a test server and forgot to switch off SSL in admin I then got the security alert. I then tried copying again after switching SSL off and didn't get the security alert. So assume the answer is yes. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted April 21, 2017 Share Posted April 21, 2017 2 hours ago, bsmither said: So, better get the SSL working before switching it on? And is it the case that moving a site will require that SSL be switched off prior to the move? Like in CC3/4? Yes and yes it looks like. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.