#4120 (ok 4.0.9) SSL redirects to port 80

[calvin]

this bug is still here for version 3.5.8, version 4.0.7, and version 4.1.0-alpha

The login-redirect-to-port-80-for-https bug still exists.

Situation:

Login page where you input username and password
https://www.xxyyzz.com/pma/index.php

after trying to login by entering username and password and click "Go", it will be redirected to
https://www.xxyyzz.com:80/pma/index.php?token=35f452d16e0c197811a4c6fd8ac04083
(as you can see the domain suddenly have a ":80" attached)

and the page shows a "SSL connection error"

[calvin]

xxyyzz.com is just for an example, My site is not really "xxyyzz.com"

[calvin]

setting
$cfg['PmaAbsoluteUri'] ='https://www.xxyyzz.com/_p_m_a/'; fixed the problem, but it should auto detect instead of having us to set it manually, simply because the original domain is 'https://www.xxyyzz.com/_p_m_a/', by no means should it redirect to 'https://www.xxyyzz.com:80/_p_m_a/'

[Marc Delisle]

I tried with 4.1.0-alpha2 and could not reproduce your problem. I have no $cfg['PmaAbsoluteUri'] defined.

[calvin]

are you using https? We are not talking http here.

And even if your 4.1.0-alpha2 works, the 3.5.8 still needs to fix, many thanks

[Marc Delisle]

Yes, I'm using https.

About 3.5.8, according to http://www.phpmyadmin.net/home_page/support.php, 3.5.x is only support for security fixes.

Moreover, it's my strong opinion that if such a bug existed in the wild, since 3.5.8, it would have been reported before.

[calvin]

Hi, of course it has been reported repeatedly before

http://sourceforge.net/p/phpmyadmin/bugs/3538/
http://sourceforge.net/p/phpmyadmin/bugs/3704/

ppl flag 3704 as invalid, but it does happen.

[calvin]

Thanks Marc! Many many thanks for looking into it.

[Marc Delisle]

Bug 3538 is about the ForceSSL directive; is this your case?
Bug 3704 is also about ForceSSL but the reporter did not answer the question asked by nijel.

[calvin]

none of these two are reported by me.

yes, similar. I think I have made it quite clear in the topic. :) do you need anymore info?

[Marc Delisle]

Sorry, you did not mention the ForceSSL directive in your topic. Well, I just tried it with 4.1.0-alpha2 and cannot reproduce the problem.

Note that in https://phpmyadmin.readthedocs.org/en/latest/config.html#cfg_ForceSSL we mention "In some setups (like separate SSL proxy or loadballancer) you might have to set $cfg['PmaAbsoluteUri'] for correct redirection." so this is probably your case.

[poiuty]

I confirm also face such a problem.
helps

$cfg['PmaAbsoluteUri'] = 'https://xxxx/';

[Marc Delisle]

poiuty,
which phpMyAdmin version? Are you using the ForceSSL directive?

[poiuty]

$cfg['ForceSSL'] = true;
3.8.2, 4.0.8, 4.1

web -> apache2(back-end, 8080) + nginx (front-end, ssl, 80 and 443)

[poiuty]

if need -> i can create test vps, with this problem

[poiuty]

Marc, please your email?
I'll send you a root password (ssh)

https://188.40.203.248/

[Marc Delisle]

Please click on my name on this page and you'll see my email addresses.

[poiuty]

no email
http://poiuty.ru/img/5653a793820497cb593942cc9267.png

[Marc Delisle]

Sorry... use marc@infomarc.info

[poiuty]

posted access

[poiuty]

debian, web -> apache + nginx

[poiuty]

also, you can check the error
https://sourceforge.net/p/phpmyadmin/bugs/4139/
https://188.40.203.248/41/
http://poiuty.ru/img/dc85c820ef136da5b4e2c9df83ac.png

[calvin]

I have no idea why making $cfg['PmaAbsoluteUri'] an essential parameter under my circumstances.

Why phpmyadmin has to append ":80" even when it's https?

Why is this extra appending necessary?

[Marc Delisle]

calvin,
as I told you, in my tests, I cannot see this appending of ":80".