Reputation: 92591
cookies causing "unsecure content" warnings on google chrome?
If i visit the home page on my site (which uses code igniter) my homepage is using http, Code igniter sets a cookie containing all the session info.
If I then click login, which is using https I get unsecure content warnings, and the only thing I can think of it being is the cookies as If I restart the browser then go straight to https://mysite.com/login then I get no unsecure content warnings.
How can I fix this (Note that the homepage cannot be https).
Upvotes: 1
Views: 330
Answers (2)
Reputation: 102745
This error comes from content being served over http to a page that's supposed to be https. For example, an <img>, <link>, or <script>.
The thing with Codeigniter is that it's very likely you're using base_url() or site_url() for full absolute URLs to the embedded content, probably using http.
Here are some things you can do:
Use relative URL's, i.e.
<img src="/path/to/images.jpg">Don't specify a protocol. Example:
//example.com/path/to/image.jpgMore on this technique here: http://paulirish.com/2010/the-protocol-relative-url/In the
__construct()of the controller that you need to use https (or in the method that needs it), load a different config file that redefines your base url to use https. Note that it will be too late for any scripts/libraries that use the base url for html output before this config file is loaded.
If you load the page in IE, you should get a very nagging error message that will give you a list of all the content that was delivered insecurely to help you troubleshoot (other browsers should have this feature as well, but in IE it's especially prominent).
EDIT: Saw your note that there is nothing on the page being requested via http, only https, and the note about what happens when no cookies are present. My mistake, I just woke up - I should have read the question more thoroughly :p
Upvotes: 2
Reputation: 13517
You are loading unsecure content (usually images/iframes) on your secure (https) login page.
What this means is that you are referencing a link to a page that is not secure (is not https). This will cause the error, and prompt users whether or not to load such content. It's a problem with the links to external content, not your cookies.
Edit: To (temporarily) fix the issue, find any links/references to external content and disable it for the time being, then visit your page and the prompt/error should go away.
To fix the issue, you'll have to download the content or use a file on your site to securely download the content for that page to use.
Upvotes: 0
Related Questions
- CodeIgniter : Session does not work in google Chrome
- Codeigniter ci_session cookie (GDPR problem)
- Cookies no longer save for insecure sites in Google Chrome
- Unexplainable mixed content warning - can non-secure cookies cause this?
- CodeIgniter Cookies Working In FF, But Not Chrome Or IE
- CodeIgniter session help, cookies not secure?
- cookie_secure=TRUE and problem in userdata
- Getting cookies causing error 500
- Google Chrome Cookie php problem
- Google Chrome Cookies - HTTP & HTTPS