@sksksksk opened this Issue on January 19th 2013

I'm using the force_ssl_login option to force the login screen to use SSL. Now I want to use the new overlay feature and am confronted with a message that "The Page Overlay session couldn't be launched yet."

From the faq I see that this happens because piwik uses SSL and the overlayed site does not support it. I tried to change the URL in my browser from https://mypiwikhost/xxxx to simple http, but this redirects again to the https version because of this force_ssl_login option. When I disable the force_ssl_login option, I see the overlay with no problems.

So the issue is that with the force_ssl_login option I can't use the overlay function on non SSL Sites. It seems that not only the login screen but all the piwik actions are redirected to SSL.

Keywords: overlay force_ssl_login

@sksksksk commented on January 21st 2013

Attachment: Configuration file
config.ini.php

@mattab commented on January 21st 2013 Owner

force_ssl_login should only redirect the login screen. are you sure you are using this config only? pls post your config.ini.php

@sksksksk commented on January 21st 2013

Matt, thank you for taking time to respond to this ticket. I've created an attachment with my config.ini.php
I've replaced the stuff dealing with passwords.

@anonymous-piwik-user commented on January 30th 2013

I've got the same behavior.
When i switch force_ssl_login=1 it will change the login page to HTTPS. So far it is right!
After successfull login it will not switch back to HTTP. Therefore the OverlayPage is trying to use HTTPS to the web page i'm tracking. But there is no HTTPS avialable.
Eather the OverlayPlugin uses HTTP or HTTPS as configurable parameter or a switch back to HTTP after login PIWIK will do the job.

My proposal is to save the compelete "URLs" like "http://myside.com" or when used HTTPS then "https://myside.com" in the "configuration -> websides" configuration page.

The "OverlayPage" should use precise this URL. So it is possible to use HTTP or HTTPS in the OverlayPage URL in the way the web side is accessable without dependence of accessing the PIWIK web side.

Best regards!

@diosmosis commented on February 5th 2013 Member

In a7c4cf9d9c3b3a172acd30e07c68974826aa61e6: Refs #3691, refactor Goals 'conversions by type of visit' template/logic into reusable View in CoreHome.

Notes:

  • Removed need for initial AJAX loading in new view.
@diosmosis commented on February 5th 2013 Member

Wrong ticket, a7c4cf9d9c3b3a172acd30e07c68974826aa61e6 refs #3619.

@mattab commented on January 10th 2014 Owner

I dont actually see as a bug that we stay on SSL...

@sksksksk commented on January 10th 2014

well, then I would characterize the force_ssl_login option at least as "unclear" in what it does. I would expect that it just forces the login screen to be in a ssl connection, whereas
1) it forces all access to piwik to be in SSL, and not only the login screen (what would be the difference with force_ssl??)
2) it brakes features of piwik's web interface for non SSL sites.

This should be worth at least a comment or explanation in the documentation

@mattab commented on January 13th 2014 Owner

Actually there is already a bug report which I just found: #4001

This Issue was closed on January 13th 2014
Powered by GitHub Issue Mirror