Problem with automatic logout between secure and non-secure urls

Report · Mar 18, 2014

On my business catalyst page the user login page is located on a non secure url (our site's domain and not worldsecuresystems). When a user is logged in and then views a page on a secure url (i.e. a page to purchase a subscription to a secure zone) it does not retain their login cookie and it appears they have been logged out. This also creates a problem where I cannot pre populate the secure zone purchase form with a user's information based on their account details. Is there a way to retain have both domains recognize the user is logged in to allow the user to freely pass between these domains without having to login twice? I was considering putting the login page on the secure domain and using relative urls for all my links but for some reason some of my pages appear corrupt when viewed on the worldsecuresystems domain so I'd like to avoid this method. Any help would be appreciated.

Report · Apr 23, 2014

Make sure the referrer paramter is correctly set on the form.

This is the default BC action. But remember the {module_siteurl} will return the host they are currently on. So if this is used on a secure page you'll need to use {module_sitehost} instead

action="{module_secureurl}/ZoneProcess.aspx?ZoneID=-1&Referrer={module_siteUrl,true,true}&OID={module_oid}&OTYPE={module_otype}">

Report · Feb 27, 2017

For those with similar issues... I've had this same problem on sites where it once worked fine.

In addition to gary's comments; when this stops working or you can't get it working, the problem is usually a cookie issue (not sure on the exact cause), but clearing the browser cookies allows this to work once again.

Hope this helps others.