Redirect Issues Once Logged In

drhedberg · 6 June 2016 21:15

Using s2Member Pro

Members logging in are redirected to a single page with a strange url whenever they try to access links that go to protected pages: http://www.infectionconnection.net/course-overview/?_s2member_vars=page..level..2..page..1001..L2Fsb3BlY2lhLWFuZC1oYXNoaW1vdG9zLw%3D%3D&_s2member_sig=1465247161-a211491bffc559801d348052a30885f3

Tried disabling all plugins but that didn’t work. Any ideas what would be causing this strange url and redirect?

Thanks and let me know if you need more information.

KTS915 · 6 June 2016 22:29

That “strange” URL says that the page from which the redirect is occurring is protected at level 2. My guess, therefore, is that your members don’t have level 2 access. Try protecting the page at level 1 and see if it works then.

drhedberg · 6 June 2016 22:50

Thanks Tim for your help!

I changed the pages to Level 1 and I’m getting similar url:

http://www.infectionconnection.net/course-overview/?_s2member_vars=page..level..1..page..461..L2x5bWUtZGlzZWFzZS8%3D&_s2member_sig=1465253267-f7a60c1b966c0c0e46aa3f13d81e0924

All members are either level 2,3 or 4 but it’s still happening. And I am the admin and still get this error.

Any other ideas? thanks!

drhedberg · 6 June 2016 23:01

Just noticed there is a “reset roles/capabilities” button which says it resets membership levels. Is this a good thing to try?

thanks

KTS915 · 7 June 2016 00:09

Unless you’ve changed the capabilities that each user role has, it won’t make any difference. But, if you have changed them at all, yes, it’s worth a try.

But I see you are using a them called Ultimatum. Have you created the content on the protected page with its page builder?

drhedberg · 7 June 2016 00:11

I’m not sure, I had a developer put together the website 5 years ago. s2member has been working flawlessly for 5 years but all of a sudden now I have this problem.

Any other ideas on where to go from here?

thanks

KTS915 · 7 June 2016 00:13

Well, if it’s been working that long, something must have happened recently. Do you run a logging plugin so that you can see what’s changed?

drhedberg · 7 June 2016 00:17

I don’t have a logging plugin.

On Friday my webhost installed Let’s Encrypt to enhance security and that was when I noticed the issue. I had them disable it, and they completely restored a backup of the website from the day before. That is the only thing that happened but you would think with a full backup restore before the Let’s Encrypt changes it would be unrelated.

Any ideas if that is somehow is a lingering issue? My webhost said it isn’t but that doesn’t mean anything.

thanks

KTS915 · 7 June 2016 00:20

Who is your host? If they are “with it” enough to install Let’s Encrypt for you, I suspect that they know what they are doing. And they are right: that should have had no effect on this. I suspect that the problem was there before, but you hadn’t noticed.

Do you have a clone to test on? I’d suggest trying switching to a default theme, like 2015 or 2016, and see if the problem continues then.

drhedberg · 7 June 2016 00:33

I use Siteground.

Everything was working fine a few days before they did the change.

I can make a testing site through Siteground which is easy to do but not sure what I would test?

I’m s2member pro which allows for a full download of the user data so I thought about backing that up, completely deleting the plugin and then reinstalling.

Let me know what you think I should test for in a staging environment. I’ll try the theme change idea as well.

thanks

KTS915 · 7 June 2016 00:38

I have never used them, but everything I have heard about Siteground makes me think you should be able to trust them. So I don’t think it’s Let’s Encrypt.

With the limited information I have to go on, my best guess at the moment is that the latest update to WordPress has caused a problem with your theme. So if you change to a default theme, and then see if a member can access a protected page, you can test my theory.

JediShark · 7 June 2016 11:26

@drhedberg: I believe I’ve resolved your problem via the trouble ticket you submitted.

Just for educational purposes, I’ll explain what I did.

See this s2Member configuration panel: WordPress Dashboard → s2Member (Pro) → General Options → Login Welcome Page. At the very bottom of the panel, there is a setting that says “Always Redirect Non-Administrative Users (after login) using HTTP?”. You had this set to the recommended setting of “Yes”. When the login page is using HTTPS, this can cause the problem you were experiencing.

WordPress keeps separate sessions for HTTP and HTTPS, so when you go from an HTTPS login to a page s2Member is serving over HTTP, WordPress no longer recognizes the user has logged in.

I set “Always Redirect” to “No”. I created a test user at Level 1. logged out, and logged back in. I was directed to your Login Welcome Page as intended. I believe the issue is resolved. I went in and deleted the test user and replied to your ticket.

drhedberg · 8 June 2016 00:40

Thank you for the update Pat. I sent you an email reply which explains the issue that I am having which is separate to the solution posted above.

Thanks for looking into this.

portlockt3 · 8 June 2016 12:55

This might be completely wrong but I had the same issue as you. All I did was remove “www.” from the links that they would click to go to the restricted pages, and it worked fine! Strange eh!

drhedberg · 8 June 2016 13:29

Thanks for the tip! I’m not sure how to remove the www, is that a simple process to do?

thanks

drhedberg · 8 June 2016 13:43

Holy crow you were right Tom! Except my issue was backwards. The links that weren’t working were actually set without the “www” so just adding it to the links fixed the issue!

I would like to know for future reference if anyone understands why this would happen and if there is more of a global solution rather than me going in and changing on the links individually. But for now, we are good.

Thanks Tom!

portlockt3 · 8 June 2016 13:50

Hey Nikolas, no idea why this worked but I noticed it when the links without www were working, but with www they weren’t. Strange huh! Glad it’s sorted though (for now )

drhedberg · 8 June 2016 13:52

Tom,

I paid for s2member pro so I would have tech support and they were unable to figure out a solution but you easily figured it out. LOL!

Thanks Tom, I really appreciate your help!

KTS915 · 8 June 2016 15:16

The reason this happens is that WordPress treats a domain beginning with www as different from one that doesn’t. It’s the same with starting a URL with http or https: they are treated as different domains.

The reason that s2Member support didn’t guess that (and nor did I) is that we didn’t have the information to do so. (You’re a doctor so you know about diagnosis!) This is why it’s so important to run a logging plugin (I recommend Activity Log, Simple History, or WP Security Audit Log) and to check your site regularly. That way, you’ll notice when the problem begins – this one must have been there for quite some time – and what might have caused it.

drhedberg · 8 June 2016 15:53

Thanks for your reply Tim and I completely understand.

My remaining issue is that I have a ton of links that don’t start with www and none of them are working unless I manually change all of them. Even the ones that uploaded to the /wp-content/plugins/s2member-files/ folder aren’t working.

Do you know if there is a way to do a global fix? Otherwise, I’ll have to spend hours adding www to every single link on the website.

thanks and I appreciate your help!