Pro Sites Forces Re-Login When Purchasing

I had this working earlier, but I've had a bit of a time today and went through a number of steps to solve another problem I was having that involved replacing salts/hashes in wp-config. Possibly as a result of this, or possibly because of SSL issues I was having, users are now being forced to log in again when attempting to purchase domain mapping through Pro Sites. The login is always unsuccessful, and leads them to yet another login page, where they are asked to do math problems repeatedly. Can someone help? Access to my site is open for staff.

  • Adam Czajczyk

    Hello William,

    I hope you're having a nice day!

    I checked your site and I think an issue here may be the fact that users are not able to "cross-login". The "cross-domain autologin" option on "Network Admin -> Settings -> Domain mapping" page is disabled. However, there's also "forced https" so enabling that option may now work as cross-login over SSL connection is usually quite troublesome due to some HTTPS protocol restrictions.

    That's my first though however and I'm not sure if I'm not missing anything here. That said, could you please help me a little by providing me with a simple "step by step" guide on what actions exactly should I take on your site in order to replicate the issue in question and also an example scenario (preferably "step by step" as well) of what would you like to achieve?

    Looking forward for your replay,
    Adam

  • William Kowalski

    Hi Adam Czajczyk, thank you for getting back to me.

    This is how I can replicate it:
    1. Log in as superadmin
    2. Go to dashboard of any site
    3. Click the Upgrade button on the top or in the menu

    That's it. I then see a screen that says "You must first login before you can choose a site to upgrade:"

    But even when I try to log in, it asks me to log in AGAIN, and then returns me to the wp-admin page, where if I attempt to log in a third time, it simply returns me to the dashboard.

    As far as what I would like to achieve, I would simply like users to be able to click Upgrade and go through the steps to purchase domain mapping without having to log in again.

    I had to check the force HTTPS options earlier because when I left them unchecked none of my users could log in at all. They were being redirected to a non-styled login page that would simply enter a redirect loop and never allow successful login. This was due to the mixture of secure and non-secure elements being called on the page. Forcing HTTPS made sure they were all securely called, I guess.

    I had also unchecked the option for all users to be logged in cross-domain because it seemed it actually allowed users to log into accounts that were not theirs.... !!!

  • William Kowalski

    Adam Czajczyk I have a little more information for you:

    -This issue is now occurring only when users (admins) are directly logged in and attempt to upgrade. It does not happen any longer when I as superadmin view a user's dashboard and click Upgrade, but I am not clear why this has changed.

    -I tried deleting the checkout page and creating a new one to see if that would change anything, but it didn't.

    -I set up a similar site at maritime.rentals, which is NOT using SSL. The plugin works perfectly there. Hovering over the Pro Sites("Upgrade") button at maritime.rentals shows that it goes to a non-SSL page. Hovering over the Upgrade button at mywriting.network shows that it goes to an HTTPS page.

    It is the HTTPS page that is forcing users to log in again and not accepting their login information.

  • William Kowalski

    Hi @dubajicp1
    Sorry, I meant to start a new thread for this but got caught up in other things. Thank you for being diligent.

    The issue is that when a user clicks on the Upgrade (Pro Sites) button in the admin menu, he is taken to a screen where he is asked to log in again to the site he wants to upgrade. Previously, this screen would get the user caught in an infinite loop, but I seem to have resolved that issue. Now, it still asks user to log in again, even though he is already logged into his dashboard, but then it carries him onto the Upgrade page where he can actually purchase the upgrade.

    So, maybe this is intended functionality, maybe this is something that happens with https sites. I actually don't know. As I said, it is not doing this on a test network I have set up that is not using https. Can you shed any light on this for me please?

  • Predrag Dubajic

    Hi William,

    I had a look at your site and it looks like this issue is not related with Pro Sites since I was doing some testing with Pro Sites disabled.

    If you go to subsite.your.site and login with admin account it will login normally, then go to your.site and you will see that you're not logged in to main site.
    Now log out of your.site and navigate back to subsite.your.site and you will see that you're not logged out of there.

    So it looks like something else is messing with your login options between network sites.
    I would suggest checking .htaccess file for any rules that could be causing this, try disabling caching, security and plugins that affect user account to see if any of those are causing this.

    Best regards,
    Predrag

  • William Kowalski

    Now log out of your.site and navigate back to subsite.your.site and you will see that you're not logged out of there.

    I am not able to duplicate this error. When I log out of mywriting.network and navigate to sub.mywriting.network I am not logged in under any account.

    My .htaccess file is straight out of the box, i.e. that which WordPress told me to paste in when I installed the network, no modifications. I will check into whether any of the plugins I am using might be causing what I am seeing, but it's a little concerning that I am not seeing what you're seeing as far as logging in and out of the main site and subsites.

  • William Kowalski

    Disabling any caching and security plugins (Jetpack, Wordfence, WP Supercache) had no effect on the need to log in when making a purchase. I do not know if turning them on and off had any impact on the weirdness of superadmin staying logged into subsites even after logging out of superadmin account. That problem is still not happening any more, so I am praying it is gone forever.

    Because this site is live and in use already, I did not want to risk disabling any other plugins.

  • William Kowalski

    Hi @dubajicp1
    This issue has returned. I do have a test network set up, but it is not happening on that one. It's only happening on my live network. :slight_frown:

    First, I was in Safari, and noticed this happening: When I was logged in as a regular user, I could still see a link to my main site in the admin bar. Although it would not automatically log me in to that site (thank God), I thought it was very odd that this should happen. You can see a gif I made of this issue here: http://imgur.com/xNot9Lo

    I tried to reproduce this after clearing history in Safari and it still happened.

    Thinking maybe it was a Safari issue, I tried it in Chrome, and it happened there too... even in an Incognito window (!!!).

    Then I noticed that the old problem was back: loggin in as superadmin, logging out, logging into a subsite as admin brought me into the subsite AS SUPERADMIN. Not good.

    I can give you network access again.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.