.htaccess redirect causes invalid security token when logging in thru email link

by wanderlusted   Last Updated August 01, 2020 07:10 AM

I wanted to eliminate duplicate content by redirecting all requests to https://www... by using the below .htaccess entry:

## Begin - Custom redirects
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.

## Force https and www
#RewriteCond %{HTTPS} off [OR]
#RewriteCond %{HTTP_HOST} !^www\.gonativeguide\.com$ [NC]
#RewriteRule ^(.*)$ https://www.gonativeguide.com/$1 [L,R=301]

## Remove trailing slash if not directory
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteCond %{REQUEST_URI} (.+)/$
#RewriteRule ^(.*)/$ https://www.gonativeguide.com/$1 [R=301,L]

## End - Custom redirects  

Adding this entry seems to do the job for the redirect; however, it blocks my users from logging into my site using email links. When the user needs to log in, she gets a notification email with a button that links to the below address: https://www.gonativeguide.com/de/backoffice/markavail?inquiry=437

Joomla changes the above link to the below one, asking the user to log in: https://www.gonativeguide.com/de/component/users?view=login&Itemid=214

Previously this worked perfectly fine. But with the .htaccess entry, my users get the below error message:

"Warnung Der Sicherheitstoken ist falsch. Die Anfrage wurde zurückgewiesen, um eine Sicherheitsverletzung zu verhindern. Bitte die Seite aktualisieren und erneut versuchen."

I believe this is equivalent to:

"The most recent request was denied because it contained an invalid security token. Please refresh the page and try again"

I think I could find a workaround to the problem: if I log in by typing www.gonativeguide.com/login and THEN click the link in the email, then it seems to be working. However, it is super embarrassing to ask my users to do so all the time, so I'd like to find a solution to the problem.

I read through the related (lengthy) forums talking about the invalid security token problem and tried the below suggestions, but none helped:

- Flush cache at the host
- Flush cache in Joomla
- Checking if the System - Page cache plugin is disabled (it was disabled)
- Empty the _session table in the Joomla database
- Upgrading Joomla to the latest version
- Fixing the database (Extensions / Manage / Database)
- Extending the session timeout to 10 hours

Can somebody explain to me why the .htaccess entry causes this problem, and how I can do the redirect without this side effect?

Thanks, W.
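
Added example, not part of the original post: a small Python model of the two posted rules, useful for checking which request URLs they answer with a 301 and what the browser then sends to the final URL. It assumes the rules are active (uncommented) in the document-root .htaccess and that the client replays a 301'd POST as a GET without its form body, as browsers do; the function names and the non-canonical sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

CANON = "https://www.gonativeguide.com"
HOST_OK = re.compile(r"^www\.gonativeguide\.com$", re.I)  # [NC] = case-insensitive

def posted_rules(url, is_dir=False):
    """Return the 301 target the two posted rules produce for url, or None.

    is_dir models the REQUEST_FILENAME -d test (does the path map to a directory).
    """
    u = urlsplit(url)
    rel = u.path.lstrip("/")               # .htaccess rules match the path without its leading slash
    qs = f"?{u.query}" if u.query else ""  # the query string is carried over unchanged
    # Rule 1: HTTPS off [OR] Host header is not www.gonativeguide.com
    if u.scheme != "https" or not HOST_OK.match(u.netloc):
        return f"{CANON}/{rel}{qs}"
    # Rule 2: not a directory, URI matches (.+)/$, RewriteRule pattern ^(.*)/$
    m = re.fullmatch(r"(.*)/", rel)
    if not is_dir and re.search(r".+/$", u.path) and m:
        return f"{CANON}/{m.group(1)}{qs}"
    return None

def trace(method, url, is_dir=False):
    """Follow the redirects as a browser would; return (method, url, hops)."""
    hops = []
    while (target := posted_rules(url, is_dir)) is not None:
        hops.append((method, url, target))
        method, url = "GET", target        # assumption: a 301'd POST is replayed as a bodiless GET
    return method, url, hops

if __name__ == "__main__":
    samples = [  # first URL is from the post; the others are constructed variants
        ("GET", "https://www.gonativeguide.com/de/backoffice/markavail?inquiry=437"),
        ("POST", "https://gonativeguide.com/de/component/users?view=login&Itemid=214"),
        ("POST", "https://www.gonativeguide.com/de/component/users/?view=login&Itemid=214"),
        ("GET", "http://gonativeguide.com/de/backoffice/"),
    ]
    for method, url in samples:
        final_method, final_url, hops = trace(method, url)
        print(f"{method} {url}\n  -> {len(hops)} redirect(s), arrives as {final_method} {final_url}")
```

Comparing the login form's actual POST target (visible in the browser's network tab) against this output shows whether the form submission itself passes through one of the redirects.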
