htaccess file making signin redirect to index page and start a new session then allowing login

My host company created a redirect in my htaccess file so that all of my pages are using my SSL cert and display as https. Since they did this, I am unable to log in to my site on the first attempt. It redirects me to my index.php page and starts a new session. Before doing this redirect, my session would carry forward when signing on, which I need as I am designing an ecommerce website and want the items in the cart to move forward if they sign in.

htaccess file

RewriteEngine On

RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Sign in page that redirects to my Signed-in index page. As you can see, there is not a redirect on this to index.php… only the signed in index or an error would display. Something is causing the htaccess file to redirect me to my index page and start the new session. The thing is, after I have attempted to sign in for the first time, the Google Chrome remember password feature displays, but I’m not logged in. When I try to log in after I’m redirected, it allows me.

if(Input::exists()) {
    // Only process the form when the CSRF token matches the one in the session
    if(Token::check(Input::get('token'))) {

        $validate = new Validate();
        $validation = $validate->check($_POST, array(
            'username' => array('required' => true),
            'password' => array('required' => true)
        ));

        if($validation->passed()) {
            $user = new User();

            $remember = (Input::get('remember') === 'on') ? true : false;
            $login = $user->login(Input::get('username'), Input::get('password'), $remember);

            if($login) {
                Redirect::to('indexSignedIn.php');
            } else {
                $tryagain = "The information you entered did not match our records.";
            }

        } else {
            foreach($validation->errors() as $error) {
                echo $error, '<br>';
            }
        }
    }
}

My sign in page form..

<?php
if(Session::exists('home')) {
    echo '<p>' . Session::flash('home') . '</p>';
}
?>
<form class="signinform" name="Sign In" action="" method="post" autocomplete="on" accept-charset="utf-8">
    <span class="spancenter"><h1>Sign In</h1></span>
    <hr><br>
    <div class="centerleft">
        <label for="username">Username</label>
        <input type="text" name="username" class="biginputbar" autocomplete="on" required>
    </div>
    <div class="field">
        <label for="password">Password</label>
        <input type="password" name="password" class="biginputbarp" autocomplete="off" required>
    </div>
    <div class="field">
        <label for="remember">
            <input type="checkbox" name="remember" id="remember"> Remember me
        </label>
    </div><br>
    <input type="hidden" name="token" value="<?php echo Token::generate(); ?>">
    <label for="widebutton">
        <input id="widebutton" type="submit" value="Sign In">
    </label><br><br>
</form>

The session flash you see in there was never an issue before doing the https redirect, so I’m not sure if that has anything to do with it?

Every page on my site displays as https. The weird thing about all of this is, say you added products to the cart and then tried to log in: it creates a new session and takes you back to the index.php page. Then when you try logging in again, it sends you through. But say I log out and close the browser, or at least the website from the browser. Then if I enter my website's address in again and revisit the page, my first session is still present, reflecting the products I added to the cart.

I then thought, because of the new session being created, that it may have something to do with my Cookie or Token class. If not, please ignore this, but I want to post any possible scenarios that may cause this.

Cookie class

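<?php
class Cookie {
    // Return the value of the named cookie
    public static function get($name) {
        return $_COOKIE[$name];
    }

    // Set a cookie for the whole site ('/'), expiring $expiry seconds from now
    public static function put($name, $value, $expiry) {
        if(setcookie($name, $value, time() + $expiry, '/')) {
            return true;
        }
        return false;
    }

    // Remove the named cookie by overwriting it with an empty value
    public static function delete($name) {
        self::put($name, '', time() - 1);
    }
}
?>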

token class

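<?php
class Token {
    // Other methods of the class are not shown in the post

    // Compare the submitted token with the one stored in the session;
    // the stored token is single-use and is deleted on a successful match
    public static function check($token) {
        $tokenName = Config::get('session/token_name');

        if(Session::exists($tokenName) && $token === Session::get($tokenName)) {
            Session::delete($tokenName);
            return true;
        }

        return false;
    }
}
?>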
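
To check how the redirect rule above treats a sign-in POST, the following added example (not part of the original post or the site's code) models the rule together with standard browser handling of redirect status codes and host-only cookies. The page name `signin.php` and a visit through the bare `example.com` host are assumptions, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Redirect codes after which browsers repeat the original method and body.
# After 301/302/303 a POST is re-sent as a GET with no form data.
PRESERVES_POST = {307, 308}

def apply_rule(url, status=302):
    """Model the rule from the post. A bare [R] flag answers with 302."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port != 80:                      # RewriteCond %{SERVER_PORT} 80
        return None
    location = "https://www.example.com/" + parts.path.lstrip("/")
    if parts.query:                     # query string is passed through
        location += "?" + parts.query
    return status, location

def follow(method, url, cookie_host, status=302):
    """Return (method, url, session_cookie_sent) for the request that
    finally reaches PHP. cookie_host is the host that set the session
    cookie; without a Domain attribute it is host-only (RFC 6265)."""
    hit = apply_rule(url, status)
    if hit is not None:
        code, url = hit
        if code not in PRESERVES_POST:
            method = "GET"
    return method, url, urlsplit(url).hostname == cookie_host

if __name__ == "__main__":
    # Constructed cases; signin.php and the bare host are assumptions.
    cases = [
        ("http://example.com/signin.php", "example.com"),
        ("http://www.example.com/signin.php", "www.example.com"),
        ("https://www.example.com/signin.php", "www.example.com"),
    ]
    for url, host in cases:
        print(url, "->", follow("POST", url, host))
```

A result whose method is `GET` means the username, password and token never reached the sign-in script; a `False` in the last position means the browser did not send the existing session cookie, so PHP starts a new session.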

