Installation problem over SSL


(Charles Belov) #1

Summary: index.php cookie pointing to non-SSL domain when installing over shared SSL domain which is different from the non-SSL domain prevents proceeding from Welcome! administration screen.

I am a newbie to Piwik and am trying to install it over SSL in order to keep the various passwords secure. I am getting the following message when I go from the Welcome! screen to the second screen:

Error: it seems you try to skip a step of the Installation process, or your cookies are disabled, or the Piwik configuration file is already created.
Make sure your cookies are enabled and go back to the first page of the installation .

Cookies and JavaScript are both enabled.

Here’s the twist:
We only use SSL for internal administrative purposes, so we are using a shared certificate.

Non-SSL URL:

http[colon]//www.sfmta.com/piwik[redacted]/

SSL URL:

https[colon]//sfmta.securesites.net/piwik[redacted]/

The cookie, however, is coming in on

https[colon]//sfmta.securesites.net/piwik[redacted]/index.php?action=systemCheck&clientProtocol=https

using the following header:

Set-Cookie    PIWIK_SESSID=[redacted]; path=/; domain=sfmta.com piwik_auth=deleted; expires=Thu, 05-Feb-2009 20:55:53 GMT

That is, with a domain of sfmta.com rather than sfmta.securesites.net

I’ve tried the following.

In the Apache httpd.conf, setting (when the SSL engine is on)

ServerName sfmta.securesites.net

and restarting Apache, of course.

As well as in Cookie.php inserting the code:

$Domain = 'sfmta.securesites.net';

as the first line in the setCookie function.

Neither is sufficient to get index.php to send the cookie with a domain of sfmta.securesites.net

How is the domain being detected or set for the cookie? Why isn’t it coming from the server name set in httpd.conf? Is there a workaround?

Yes, I know it would be easier and classier to have our own SSL cert but I don’t have a budget for it, seriously.


(Charles Belov) #2

Solved!

Apache 2.2.4 and later support the following in the Apache configuration file if mod_headers is enabled:

Header edit Set-Cookie domain=sfmta.com domain=sfmta.securesites.net

I enabled it for when Piwik is running administratively. Now it works!

Hope this helps,
Charles Belov
SFMTA Webmaster
sfmta.com/webmaster
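
Added example (not part of either post above, and not Piwik or Apache code): a Python sketch of the browser-side cookie domain-match rule from RFC 6265 section 5.1.3, showing why a cookie with domain=sfmta.com is discarded on a response from sfmta.securesites.net, and what the Header edit rewrite changes. The session value abc123 and all function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the header in post #1 (session value is made up).
SAMPLE = "PIWIK_SESSID=abc123; path=/; domain=sfmta.com"

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs); attribute names lower-cased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs

def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3: host equals the domain, or ends with '.' + domain."""
    host = host.lower()
    dom = cookie_domain.lower().lstrip(".")
    return host == dom or host.endswith("." + dom)

def browser_accepts(request_host, header):
    """True if a browser would store this cookie from a response served by request_host."""
    _, _, attrs = parse_set_cookie(header)
    dom = attrs.get("domain")
    # No Domain attribute means a host-only cookie, which is always accepted.
    return True if not dom else domain_match(request_host, dom)

def header_edit(header, pattern, replacement):
    """Mimic mod_headers 'Header edit': regex replace of the first match only."""
    return re.sub(pattern, replacement, header, count=1)

def missing_flags(header):
    """Report session-cookie attributes worth checking on an HTTPS-only admin site."""
    _, _, attrs = parse_set_cookie(header)
    return [flag for flag in ("secure", "httponly") if flag not in attrs]

if __name__ == "__main__":
    ssl_host = "sfmta.securesites.net"
    print("before:", browser_accepts(ssl_host, SAMPLE))
    fixed = header_edit(SAMPLE, r"domain=sfmta.com", "domain=sfmta.securesites.net")
    print("after: ", fixed, browser_accepts(ssl_host, fixed))
    print("missing flags:", missing_flags(fixed))
```

The search pattern in Header edit is a regular expression, so the unescaped dot in domain=sfmta.com matches any character; escaping it (sfmta\.com) keeps the rewrite from touching unrelated values.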