I think that’s just paranoia.
If something is causing the browser to switch between http and https it will probably invalidate any session cookies the browser has as cookies are normally only allowed to be used by the site they are generated by.
Is it worth recapping what the problem is? Is it only seen on certain browsers? (for example on Firefox on Linux I have not seen any issue with staying logged in).
The upshot is that my old HFS bookmark was directing to http://
Clearing cookies then deleting the old bookmark
manually typing in the https:// address, like this https://www.hifisubjectivist.org/index.php
saving that as the bookmark,
then logging in and checking "remember me"
stopped all the nonsense.
Now everything works properly.
Maybe iOS users on Safari should do what I did above as the old pre-upgrade bookmark was probably cocking things up with the new secure session cookie not being allowed by the browser, because it is not coming from the right address. Or something.
If you use Safari and are not seeing the lock symbol in the address bar then you almost certainly will have the login problem.
Try sorting out as above. It worked for me.
Mac-Mini music server with iTunes, AppleTV4 media streamer, Musical Fidelity M1 DAC,
NVA A20/P20, 25WPC stereo power amplifier/passive control unit,
own design, semi-omnidirectional, transmission line speakers- "The Flatback Banned".
UPDATE. I did as Steve suggested, saved in bookmarks with the amended address and now it is secure.
2. Google will derate sites that aren't http://
3. The site has a logon and you can extract eMail addresses from it - that equals authentication you can try against other sites. (It's the basis for a standard internet hack because most people use the same password for all sites on the internet). https:// makes this harder.
Unless I am missing something, that would only work if you can see the network traffic, so not that simple to do. If you were sitting on an ISP you could do it, but then again you could probably set up an https MITM attack from there as well if you had control over DNS responses.
I have nothing against https, and I agree there is no downside, especially as you seem to be using Let's Encrypt.