Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL error messages


Stryks

Recommended Posts

Hi all,

 

I am having some dramas with my site at the moment that I am unsure of how to deal with.

 

I suspect that it may all be caused by my windows based host, but I am interested to know if its something simple I have overlooked.

 

When a user clicks the log in link, they are taken to the secure login page as expected, but when they click the login button, the page warns that they are being redirected to an unsecure site. Whether you click yes or no, the login only half works. In that you can see your details if you click in 'my account' although the rest of the pages still call you guest and dont show log out buttons. If you try to purchase anything, then it tells you to log in, which does the same thing.

 

I bypassed this error by setting a link to the default page to SSL, but I also get the same warnings after a purchase is made. I cant seem to avoid this one.

 

Is this by design? If not, any ideas on what is going wrong?

 

Cheers.

Link to comment
Share on other sites

The only pages that are, and need to be SSL, are pages where customer information is being passed (i.e. create_account.php and the checkout pages). The other pages will not be secure as there is no need for them to be.

 

With that said, if you are still having a problem do you have a dedicated certificate or are you using a shared one from your host?

 

If it is shared, did you have to copy files that you want to be secure into a special directory? If so, make sure you copied all the files you need.

 

Is your catalog/includes/configure.php file setup correctly? You can post it here, just make sure that you leave out the database info.

Link to comment
Share on other sites

Thanks for the reply.

 

I think my configuration is correct. I've checked it quite a few times and have even gone as far as to install on a linux box with the security enabled to make sure that I was setting things the right way, and it seems I am.

 

As for the certificate, I am using a dedicated certificate which when called with https just gives access to the same directory tree.

 

I should clarify actually, that this isnt a warning of some secure and some non-secure items on the page. This warning is along the lines of 'you are being redirected to an unsecure site. Information may be transmitted to an external server' ... or words to that effect.

 

As I said, for the rest of it, the pages switch in and out of SSL mode the way I would expect, however when you come to the point where it moves out of the secure area, it throws this error.

 

Any ideas? I really dont understand.

 

Thanks again.

Link to comment
Share on other sites

But surely you arent expecting all viewers of the site to just ignore an error message relating to their security. And if this message is caused by the default config then ... well ... I would consider that a very serious flaw, wouldnt you say?

 

As I have mentioned, it actually stops the site from working in one place, and causes the error on another page.

 

To clarify. You're telling me that it is normal behaviour for this package to give viewers with a default IE installation an error regarding a possible security violation and redirection of their information to another site, both before and after actually making an order?

 

If so, my question is this. Who is really going to trust me with their credit card details? I know I wouldnt trust a site with that info if it had these messages.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...