solved SSL Log In Issue

After switching my site to SSL when i try to log in it will not accept my user name and password
However if i use the FORGOT PASSWORD link- it will send me a reset link in email-I click that and enter THE EXACT SAME PASSWORD as it was and submit- then it lets me log in...same user name/same password...but cannot log in unless i go through the password rest link each time..
Any fix for this?
Thanks
updated by @derrickhand300: 08/04/17 08:33:47PM

That doesn't make sense - have never seen anything like it. The password does not get saved, updated or changed depending on SSL. We run SSL here on jamroom.net - have you had this issue logging in here?


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

nope- but EVERY time on my site since adding SSL- everything else seems to work fine
would there be some error logs for this somewheres I could access?

Unfortunately no - this is a pretty simple setup. There is a user_password key in the User DataStore that stores the password hash - that's it. It's value does not depend on SSL or anything for that matter, which is why this doesn't make sense.

My suspicion is that the SSL settings configured in your web server are incorrect, you have some sort of caching layer enabled (such as cloudflare) or some other 3rd party Javascript that is interfering with your site and preventing it from functioning properly on SSL.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
updated by @brian: 05/04/17 11:25:45AM

Yes i have cloudflare enabled...??

Did you update your Cloudflare account so it knows your site is SSL?


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

Well I checked and it was already set.. to "flexible"...bvut even with cloudflare disabled im still experiencing the issue...I actually made a video for you so you could see whats happening-but after making it I found out my mic is on the blink...still i will upload it to YT to show you...
In place of the audio I can just tell you what I was doing...
Started off showing you the https url of the log in page in the address bar-
Then showed what happens ( or does not happen) when trying to log in
then I go to FORGOT PASSWORD and get a reset link to email
I click that reset link and enter the EXACT SAME password again..
then I am auto logged in successfully using that technique.
If I close the site in the browser i have to repeat the above to log in again as admin
I show the process twice in the video so that you can see when I close the browser im logged out and have to repeat the process,,
Capture 1
updated by @derrickhand300: 05/04/17 04:34:40PM

Also i notice when i go to this url
http://roughneckcity.com/oilfield_forum/oilfield-forum/forum
its NOT SSL for some reason? I have a separate install of JR there in a subfolder to use as a forum ( like this onje) but never managed to figure out how to do it..I will probably delete it in the future but wondered why it was not SSL..
I have a help ticket open with my Managed VPS concerning the issues with SSL and asked them to check my configuration...

Here is their reply

Hello,

Looks like the form validation https://roughneckcity.com/core/form_validate/__ajax=1 is causing the issue. I suggest to check with the site developer.

This from the developer tools console after trying to log in
XMLHttpRequest cannot load https://roughneckcity.com/core/form_validate/__ajax=1. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.roughneckcity.com' is therefore not allowed access.

Maybe I need to add a "'Access-Control-Allow-Origin' header" ???
updated by @derrickhand300: 05/04/17 05:32:12PM

You can see the root problem is what I outlined earlier:

1) You have the value "https://roughneckcity.com" in your data/config/config.php file
2) you are accessing your site at https://www.roughneckcity.com - the "www" means your browser sees this as a DIFFERENT site.

You need to update your .htaccess file to FORCE your users to not go through www:

Add this right after the "RewriteEngine On" line.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

Thanks Brian- yes I actually got the answer from the server...using
https://roughneckcity.com/user/login
works!
Somewhere else i added https://www... ( cant remember where now) so i thought access required the https://www.

I added the code above to the htaccess file- THANK YOU again..was getting really frustrated.

Just as a note i should add that when using the old sharethis script it has to be modified in meta.tpl to https..
I found using sharethis's new script did not require the mod...
Now I am trying to understand why my images are not https...

Sorry to trouble with this...
Now that i have done the above i cannot open the site builder widgets
from the error console

"XMLHttpRequest cannot load https://roughneckcity.com/sbcore/modify_widget/html_id=widget_id-684/__ajax=1. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://roughneckcity.com' is therefore not allowed access."

here is how I edited the htaccess file adding the code after the line you stated
Did Ido this incorrectly?.. or do i need another rewrite for4 trhe sitebuilder modules?
Sorry and thanks

Please disregard...it just started working again...not sure what i did... Just glad i knew how to do it!

Sounds like cache expired so it started working. Glad it is working now. Thanks!


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net