View Single Post
  #6  
Old 02-08-2017, 12:06 AM
thisisme1 thisisme1 is offline
Member
 
Join Date: Dec 2015
Posts: 70
Thanks: 3,749
Thanked 520 Times in 62 Posts
Default

Quote:
Originally Posted by 636387 View Post
This isn't actually an issue with Tor browser, but the way that sessions are being handled.

Because we now log in over HTTPS, this then sets a cookie for handling your logged in "session", the cookie is being set over HTTPS but then the rest of site is being served over HTTP. By default there are a few browsers that won't honor the session from HTTPS over HTTP (because the session then becomes insecure / could be hijacked etc.)

To fix this issue, you need to disable "Automatic Secure Cookie Management", as per my attached screenshot.

But ideally the Admins would work towards serving the whole site over HTTPS.
very helpful, thanks
agree with need to honor https
Reply With Quote