Login Page Access



I have installed elgg on WAMP 3.2.3 and have attempted to allow public http access.  I get the login page with an error message telling me that I don't have access permission to the Login page however, if I click on the link to the register page and from the register page click on the home link I am taken back to the Login page without the access permission error and I can log in to the website without issue.

So, first, what do you think the access permission error is all about?

What do you think the Logon page, Register Page and then Home back to the Login page is all about?

  • Maybe the issue is connected with the site url you used when installing your site not being exactly the same as the url you now use to visit the login page (as opposed when you go via the register page as you are redirected to the site url).

    With "not exactly the same" I mean that it could be a difference in "http" vs. "https" and/or in one case use "www" and not in the other way. This could explain why there's a mismatch in the session cookie created when login if the url in the cookie is not the same as the site url.

    You can check the site url in elgg-config/settings.php. Then you can try if you still have the problem when using exactly this url in the browser. To get it working with different urls being used getting redirected to the site url you would have to add some rewrite rules to Elgg's .htaccess file, e.g.

    # If your users receive the message "Sorry, logging in from a different domain is not permitted"
    # you must make sure your login form is served from the same hostname as your site pages.
    # See http://learn.elgg.org/en/stable/appendix/faqs/general.html#login-token-mismatch for more info.
    # If you must add RewriteRules to change hostname, add them directly below (above all the others)

    # http to https
    # exclude subdomains
    RewriteCond %{HTTP_HOST} ^(www\.)?SITE\.URL$ [NC]
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://www.SITE.URL%{REQUEST_URI} [NC,L,R]
    # add www on ssl
    RewriteCond %{HTTPS} on
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [NC,L,R]

    That's what I use on my site, so you might need to adjust it as explained in the link included in the comment depending if you use www or not in your site url and use SSL or not on your site. In any case you would need to provide your site url in the rules.