siavash Posted July 23, 2004 Posted July 23, 2004 Hi guys, I think finally managed to install the certificate right! However the certificate LOCK shows only when i'm in the login, logout, my account, and check out. for instance you log in (you can see the LOCK and httpS) and when you click on a category to browse or click a product the lock disappears and httpS changes to HTTP. there is a Security Alert sometimes saying that "you are being redirected to a NON-SECURE page, etc." shouldn't the site be secured totally after you login till you log out? is is important? how can i achieve this? Cheers Did you try? Did you fail? No matter! Try again. Fail again! But fail better!
siavash Posted July 23, 2004 Author Posted July 23, 2004 Anyone? any ideas? Did you try? Did you fail? No matter! Try again. Fail again! But fail better!
devilj Posted July 23, 2004 Posted July 23, 2004 This is how I finally figured out how ssl works (Read entire thread) http://www.oscommerce.com/forums/index.php?showtopic=103709
siavash Posted July 23, 2004 Author Posted July 23, 2004 hey Jim, thanx. i read what you've done. tho' i ain't confident you NEED to have two identical sites! why? does eveyone with working SSL run two sites along side? I appreciate yours is working and i'm definitely gonna test on mine; however there gotta be another solution for us. Any ideas? Did you try? Did you fail? No matter! Try again. Fail again! But fail better!
siavash Posted July 23, 2004 Author Posted July 23, 2004 is there someone whose SSL is set up right and LOCK shows at all times when the user is logged in? i'd really really really appreciate it if you could post your applicaion_top.php code here for me to be able to compare with mine. or alternatively please send a PM if you don't want to stick it here. i reckon my problem has to do with it! HAS ANYBODY GOT ANOY IDEAS? to get a second opinion, what do you thing about DevilJ's proposal? Did you try? Did you fail? No matter! Try again. Fail again! But fail better!
siavash Posted July 24, 2004 Author Posted July 24, 2004 does anyone know the answer? Did you try? Did you fail? No matter! Try again. Fail again! But fail better!
stevel Posted July 24, 2004 Posted July 24, 2004 The way osCommerce works is that it switches to SSL only on pages where the user is going to enter personal information, such as passwords or credit cards, or is viewing account information (with addresses). Otherwise, it switches back to non-SSL mode, tracking the session with a session ID in a cookie or URL. This is reasonable and the way most eCommerce sites work. It is quite a bit of overhead on the server to use SSL for everything when it's not needed. Steve Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description
siavash Posted July 24, 2004 Author Posted July 24, 2004 Thanks. it answered my question tho' as a result i get a security alert pop up as soon as i log into an ccount because obviously i'm going to a NON-SSL page which off-putting to my customers. what can i do about that? Did you try? Did you fail? No matter! Try again. Fail again! But fail better!
AlanR Posted July 24, 2004 Posted July 24, 2004 Thanks. it answered my question tho' as a result i get a security alert pop up as soon as i log into an ccount because obviously i'm going to a NON-SSL page which off-putting to my customers. what can i do about that? If you're talking about the browser warning, that's an option in browser prefs. If you have that warning set to on in the browser, just go to any site (credit card company, bank, etc.) and you'll get the very same warning when you go to their secure section or leave it. You can't handhold every person who may visit your site, there's some things they have to figure out for themselves. Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
siavash Posted July 24, 2004 Author Posted July 24, 2004 i haven't changed my browser settings and i just checked a few other secure sites and but the security alert didn't pop up. i logged in, out and even browsed some non secure pages but didn't get the pop up! how's that? Did you try? Did you fail? No matter! Try again. Fail again! But fail better!
siavash Posted July 24, 2004 Author Posted July 24, 2004 Sorry couldn't edit my note! ... i must add i have noticed that this security alert only pops up when you log in! not at log out or when you are logged in and browse between SSL and NONSSL pages. just at log in! i know that the user can change his/her browser settings. but maybe this issue can be dealt w/ securing the welcome page after login? any ideas? Did you try? Did you fail? No matter! Try again. Fail again! But fail better!
AlanR Posted July 24, 2004 Posted July 24, 2004 A link and a test account would help. Maybe you've got insecure items on one page or another. Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
Keg Posted October 8, 2004 Posted October 8, 2004 Contributions Thread for "Quantity Controller" with possible fix for SSL vs NonSSL Sorry couldn't edit my note! ... i must add i have noticed that this security alert only pops up when you log in! not at log out or when you are logged in and browse between SSL and NONSSL pages. just at log in! <{POST_SNAPBACK}> Yep!...I've been looking for a solution to this too, with no luck, and NO REPLIES at all???!!! Sooooo, check out my links here...after reading them tell me what you think? The first two threads are the one's I listed, and the last thread is a possible solution "I think" to cure this "Security Alert fix between SSL and NONSSL" once and for all? :blink: Well anyway...check out the threads and tell me what you think? Thread #1 Thread #2 P.S. I'm still kinda new to this oscommerce forum, how do we keep track of threads and replies to the threads...I changed everything I could in my user option settings and do not get any emails notifying me of people replying to my topics or to topics that I posted to....how do I get automatic emails sent to me everytime someone replies to a thread like this one you are reading now???? Just a stupid question I know, but can't seem to find the answer anywhere Well, anyway...that's it for now 1. SSL vs NonSSL pop up when logging in 2. Email notificaton when a thread you post is replied to, etc "Beer is proof that God loves us and wants us to be happy." - Benjamin Franklin
Keg Posted October 8, 2004 Posted October 8, 2004 Sorry forgot to post Thread #3 Here it is...now go back and read the previous posting with this line in in it Possible Fix in Contributions? Read the Details Here "Beer is proof that God loves us and wants us to be happy." - Benjamin Franklin
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.