Summary: index.php cookie pointing to non-SSL domain when installing over shared SSL domain which is different from the non-SSL domain prevents proceeding from Welcome! administration screen.
I am a newbie to Piwik and am trying to install it over SSL in order to keep the various passwords secure. I am getting the following message when I go from the Welcome! screen to the second screen:
Error: it seems you try to skip a step of the Installation process, or your cookies are disabled, or the Piwik configuration file is already created.
Make sure your cookies are enabled and go back to the first page of the installation .
Cookies and JavaScript are both enabled.
Here’s the twist:
We only use SSL for internal administrative purposes, so we are using a shared certificate.
Non-SSL URL:
http[colon]//www.sfmta.com/piwik[redacted]/
SSL URL:
https[colon]//sfmta.securesites.net/piwik[redacted]/
The cookie, however, is coming in on
https[colon]//sfmta.securesites.net/piwik[redacted]/index.php?action=systemCheck&clientProtocol=https
using the following header:
Set-Cookie PIWIK_SESSID=[redacted]; path=/; domain=sfmta.com piwik_auth=deleted; expires=Thu, 05-Feb-2009 20:55:53 GMT
That is, with a domain of sfmta.com rather than sfmta.securesites.net
I’ve tried the following.
In the Apache httpd.conf, setting (when the SSL engine is on)
ServerName sfmta.securesites.net
and restarting Apache, of course.
As well as in Cookie.php inserting the code:
$Domain = 'sfmta.securesites.net';
as the first line in the setCookie function.
Nether is sufficient to get index.php to send the cookie with a domain of sfmta.securesites.net
How is the domain being detected or set for the cookie? Why isn’t it coming from the server name set in httpd.conf? Is there a workaround?
Yes, I know it would be easier and classier to have our own SSL cert but I don’t have a budget for it, seriously.