Installation problem over SSL

(Charles Belov) #1

Summary: index.php cookie pointing to non-SSL domain when installing over shared SSL domain which is different from the non-SSL domain prevents proceeding from Welcome! administration screen.

I am a newbie to Piwik and am trying to install it over SSL in order to keep the various passwords secure. I am getting the following message when I go from the Welcome! screen to the second screen:

Error: it seems you try to skip a step of the Installation process, or your cookies are disabled, or the Piwik configuration file is already created.
Make sure your cookies are enabled and go back to the first page of the installation .

Cookies and JavaScript are both enabled.

Here’s the twist:
We only use SSL for internal administrative purposes, so we are using a shared certificate.





The cookie, however, is coming in on


using the following header:

Set-Cookie    PIWIK_SESSID=[redacted]; path=/; piwik_auth=deleted; expires=Thu, 05-Feb-2009 20:55:53 GMT

That is, with a domain of rather than

I’ve tried the following.

In the Apache httpd.conf, setting (when the SSL engine is on)


and restarting Apache, of course.

As well as in Cookie.php inserting the code:

$Domain = '';

as the first line in the setCookie function.

Nether is sufficient to get index.php to send the cookie with a domain of

How is the domain being detected or set for the cookie? Why isn’t it coming from the server name set in httpd.conf? Is there a workaround?

Yes, I know it would be easier and classier to have our own SSL cert but I don’t have a budget for it, seriously.

(Charles Belov) #2


Apache 2.2.4 and later support the following in the Apache configuration file if mod_headers is enabled:

Header edit Set-Cookie

I enabled it for when Piwik is running administratively. Now it works!

Hope this helps,
Charles Belov
SFMTA Webmaster