Admin session on Joomla 4

Hi. As soon as I configure Cloudflare for my site to be on HTTPS, the admin is logged out after some clicks, and sometimes even after a few seconds of inactivity.

Does anyone know how to fix this?

Sincerely yours

May I ask if you are running some Firewall plugin like RSFirewall for your Joomla installation?

Or do you have a lower time-frame for sessions in Global Configuration for your Joomla installation?

Otherwise, I assume it has to be something with:

  1. Cookies
  2. As you are writing about “for my site to be on https”, it has to be something with an SSL certificate
  3. Web server is not working on HTTPS (usually the 443 port)

Furthermore, regarding SSL, have you had an SSL certificate before moving your domain/website to Cloudflare?
If yes, is it a valid SSL certificate, which covers both your main domain and your sub-domains too (like www, etc.)?

Which SSL mode have you got enabled (Full SSL, …) at SSL/TLS tab on Cloudflare dashboard?

About SSL/TLS available options at Cloudflare dashboard, check here:

Kindly, check the instructions from below article to make sure you have the right SSL setup:

Useful tips to check out too:

I have used Cloudflare for several years and have many websites on it. With Joomla 3 there is no problem at all. In Joomla 4 it is working very fine with HTTP. As soon as I put it on HTTPS, the problem comes. (I am using Flexible.)

The session is on database for 150 minutes.


When I am in Flexible, the site is working with HTTPS, but under Full it will give me error 403.

Are you running them all on Flexible? How many domains would it be?

Yes. 19 domains right now.

I am afraid I can only second what @sdayman already wrote. You currently have an insecure setup because of your settings without any encryption. All your traffic goes over HTTP. You should fix your server setups as soon as possible and switch that to “Full strict”.


I have no idea how to do it. I saw all the tutorials and I am doing it right, but still after Full HTTPS I get error 304.

I am behind the router which the server is connected to, but I also tried from my mobile (on another network) to reach the site and still get error 304.

This is a very funny forum. I asked about the admin getting pushed out of Joomla 4. What do I get? So many questions and answers which were not on the same matter at all. Even worse, one guy asks how many domains I have on Cloudflare!

By the way, thanks for nothing.

Sorry for the delay. No, I am on a new, fresh Joomla 4 with nothing installed on it.


Kindly, see below article how to properly setup Joomla and Cloudflare:

May I ask what error do you get now?
304 again?

If so, here is an explanation of error 304:

Are you actually having an Error 304 or Error 403 - there is a difference.

Maybe it has to be something regarding SSL/TLS settings.
Kindly, check below article how to properly setup Full (Strict) SSL:

Recently, when visiting your Website, I get HTTPS warning and can access it via HTTP only.

Meaning, you either have:

  1. Switched orange cloud to grey cloud for and www
  2. Have installed Joomla on HTTP
  3. Paused Cloudflare for your site
  4. Turned off the SSL at SSL/TLS tab on Cloudflare dashboard for your domain

I don’t get errors at all. Joomla is asking me all the time to log in to the admin area. This problem does not exist with the front-end. In HTTP there is also no problem. Only when I use the proxy does the problem come up for the admin area.

Still waiting for your help.

May I ask what steps have you tried and done already?

I am running Joomla 4 with Croatian language pack (hr-hr) over HTTPS with a valid SSL certificate installed on Nginx web server and PHP-fpm 7.4, while the domain is behind Cloudflare with Full (Strict) SSL without any issue.

There should be some redirection loop or some issue regarding your Web browser cookies.
Kindly, try to clear cache and cookies of your Web browser, or try opening the admin area via private window, or another Web browser, or via a VPN connection.

If your Joomla was set up on HTTP, then via some database front-end tool like phpMyAdmin, change all the HTTP URLs to HTTPS via “search and replace” just in case.

If you cannot log in, then there is an issue. Regarding the login session for Joomla, it could be either cookies or the value for the PHP session timeout.

Try with:

Regarding HTTPS on admin area, see below possible solution and try out (since this article below shows Flexible SSL - which could cause issues and is already stated to not use it):

On how to enable HTTPS on Joomla, here:

Maybe from some older topics:

The problem is not HTTPS. As soon as I change the proxy from DNS only to proxied in Cloudflare, the admin cannot log in for a long time. Every few seconds he is logged out.

And in that case it works on HTTPS?

Can you please forget the HTTPS? Why is everyone talking about HTTPS? I am having a problem with the proxy. If you can’t help, just leave the question for others to answer, or don’t even bother to send me more questions. I have been getting questions for the past 2 months and no one is helping with the problem.