Remove Email Verification doesn't work with SSL

Hey guys,

i am runnig pro sites and remove email verification plugin and recently activated an ssl cert on my multisite installation.

new users only get logged in automatically if SSL is off and if i DON'T force SSL on checkout.

Another issue is, that if i have SSL active the subsite at the end of the registraition process also shows the link as "https://" but i don't use ssl on the subsites (See the screenshot below).

https://www.dropbox.com/s/6gkpvy48t7irgbj/Capture3.PNG?dl=0

It also first looks like i am logged in if ssl is on, but after i click on either the created subsite or any other menu item on the page, i am logged out again. everything is working fine if ssl is deactivated.

    Nastia

    Hello David

    I hope you are doing well today!

    new users only get logged in automatically if SSL is off and if i DON'T force SSL on checkout.

    I can't reproduce the same on my site with Pro Site & SSL cert.

    Do you see any erros when you are trying to login as a user?
    Would you please enable WordPress debugging by putting the following to the wp-config.php file:

    define( 'WP_DEBUG', true );
    define( 'WP_DEBUG_LOG', true );
    define( 'WP_DEBUG_DISPLAY', false );

    Reproduce the issuw with the user login. This way all errors will be saved in the debug.log file inside the /wp-content/ directory. Save debug file as .txt file and attach it here so we can check it out.

    Another issue is, that if i have SSL active the subsite at the end of the registration process also shows the link as "https://"

    I am not .htaccess expert, however you can force HTTP to your subdomains, with the following code added to the .htaccess file:

    RewriteCond %{HTTPS} on
    RewriteCond %{HTTP_HOST} ^.+\.domain\.com$
    RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]

    Make sure that you have a backup of your original .htaccess file. Change the R flag to R=301 once you have tested that everything works as expected. And change domain to your domain name.

    Make sure there are no https-links to your sub-domains anywhere!

    If the above will not work, try the solution described below:
    http://webmasters.stackexchange.com/questions/85447/only-use-https-for-main-site-and-http-for-subdomains

    I hope this helps!

    Cheers,
    Nastia

    MapSteps

    Hey @Nastia,

    thanks for your reply!

    I can't reproduce the same on my site with Pro Site & SSL cert.

    I forgot to mention that this only happens while signing up for a new site. The regular login does work, but the Remove Email Verification isn't doing the job any more with my activated autoSSL certificate.

    I am using the following code to force ssl on the main site:

    # RewriteCond %{HTTPS} !on
    # RewriteCond %{HTTP_HOST} ^(www\.)?mydomain\.com
    # RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    which works just fine. the only problem is, that after the user signed up (with remove email verification active) he sees what you can see on the screenshot above. The link to the wp-admin of his newly created site is an https link which doesn't work (because i don't have a wildcard ssl)

    I changed the output with a few lines of jquery:

    var oldLink = $('#psts-payment-info-received a').attr('href');
    newLink = oldLink.replace("https", "http");
    $('#psts-payment-info-received a').attr('href', newLink);
    $('#psts-payment-info-received a').text(newLink);

    Anyways, the user isn't logged in after he signs up so it looks like remove email verification plugin doesn't work if an ssl certificate is active on a site. first it seems like he's logged in, but after i click on that link which points the user to the wp-admin or go anywhere else on the main site, i am not logged in anymore.

    Best,
    David

    MapSteps

    Here are 2 Videos i've recorded so you can see the issue.

    I guess it happens because the https and the http sites are treated as 2 different sites and the user is only logged in to the https (or http) version of the site.

    https://www.dropbox.com/s/5d22nx20o27dic4/signup1.mp4?dl=0
    https://www.dropbox.com/s/2we2ud1oq96fgkz/signup2.mp4?dl=0

    Hope that clearifies what i wanted to explain a little bit.

    Best,
    David

    Nastia

    Hello David

    I hope you are doing well today! Please accept my apologies for late reply!

    Thank you for the video. I have tested this on my site, with SSL activated across network, new users are logged in automatically after registration.

    However, when forcing SSL only on a main site, from the .htaccess file, the user isn't logged in. I have asked for developer's feedback here, once there is an update from a developer, I will post his reply right here in this post.

    Have a nice day and take care!

    Cheers,
    Nastia