Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Two OSCommerce Set-ups with Secure Server


milesdavis

Recommended Posts

Hello all,

 

I've got a bit of a complicated set-up. Because of limitations with my hosting service, in order for me to use there shared ssl, I would have to change my stores site address to secure.hostingservice.com/mystore -- instead of www.mystore.com!

 

I do not believe my client will be happy with this, so I divised a way around it -- but I think it's flawed.

 

I have two oscommerce installations, one on the non-secure site and one on the secure.hostingservice.com site.

 

I went into the configure.php files for both oscommerce set-ups, and changed the

 

define(HTTP_SERVER)

define(HTTPS_SERVER)

 

variables to reflect each other (ie. http is directed to the non-secure address, and https is directed to the secure address)

 

Now, things work. If you start on my non-secure page and click "my account" it transfers you to the account.php file on the secure site, when you click "catalog" on the secure site it sends you back to the correct page on the non-secure site.

 

NOW, the problem....

 

When I do attempt to create an account, it sends me to the secure site -- that works. But on the non-secure site it still says I'm a "Guest" and when I attempt to log in it says it can't find a file:

 

https://secure.hostingnw.com/shopb/login.ph...da4468d7c11029b

 

 

I figured this could be an issue with the mysql database.. but, is it possible for me to make some more alterations to make this work??

 

Thanks for any help, and please -- if there is an easier way for me to do this, please let me know. I will be doing my transactions through wells fargo, who I believe use verisign.

 

thanks!!

 

-md

Link to comment
Share on other sites

You should not have to change your url. You add the shared secured url as your https: define in your configure.php and it should automatically go back and forth from secure to non secure without any problems. Doing anything else is asking for trouble in the long run. If you cannot do this on your present host then you have a couple of choices.

 

1. Find a new host- there are plenty of good ones out there, there is no reason to jump through hoops becuse your hosting company is clueless.

 

2. Buy a SSL certificate for the site- SSL certificates are cheap, you can find them for less than $50 a year.

The Knowledge Base is a wonderful thing.

Do you have a problem? Have you checked out Common Problems?

There are many very useful osC Contributions

Are you having trouble with a installed contribution? Have you checked out the support thread found Here

BACKUP BACKUP BACKUP!!! You did backup, right??

Link to comment
Share on other sites

I have two oscommerce installations, one on the non-secure site and one on the secure.hostingservice.com site.

You only need one install of osCommerce, in your normal root directory e.g. /var/www/html/ or /usr/local/apache/htdocs/

 

I'm guessing that you've set up a cookie domain for the shared server. Try this instead

 

define('HTTPS_COOKIE_DOMAIN', '');

 

Vger

Link to comment
Share on other sites

It depends upon how the host has set up the secure side of the hosting account. Most "shared" solutions are set up with a different folder to which the https URL "points".

 

So, if the host is nice and you ask nicely he may "point" the https URL at your normal http folder. This will save you some work, other wise you will have to upload your Store twice. Once in the http folder, and once in the https folder.

 

Having your own SSL is what you really want. so you then get http://www.yours.com and https://www.yours.com - this is problematic as you will need your own IP address, which some hosts are unable 9or unwilling) to provide.

 

My suggestion, is to ask your client to move to a host that can give you your own IP address, and get him to spend the money buying a secure cert for the site.

Link to comment
Share on other sites

So, if the host is nice and you ask nicely he may "point" the https URL at your normal http folder. This will save you some work, other wise you will have to upload your Store twice

 

All that the shared server does is to provide you with an https folder on the server - usually the same one that your domain is hosted on. The SSL certificate is issued to the server, and all folders on the server can use it. This does not mean that you have to duplicate your website. I have many sites running on shared ssl's, and none of them requires duplication of the website - it's only an ssl wrapper you're using for certain transactions. All that's happening is that you are using two access file pathways to reach the same website e.g.

 

https://servername.hostname.com/yourdomain.com

http://yourdomain.com

 

So, same site, same folder on the server, different access routes.

 

Vger

Link to comment
Share on other sites

It 100% depends on how the host has it set up. What I am saying (as it seems you find it hard to understand):

 

https://thehost.com/~username/ <--SSL domain

 

The host will create a folder named (example) httpsdocs within the customers account.

 

He will point said SSL domain at that folder.

 

Which obviously means that the site owner needs to duplicate his site into the new folder. If the host is OK to do so, he may point the SSL domain at the httpdocs folder rather than the httpsdocs folder, which would then save uploading the files twice.

 

Do you understand now? If not I can try to explain again in more simple terms.

Link to comment
Share on other sites

Thanks for all of your responses.

I've been working with the hosting company, using the current method.

 

Can you elaborate more on the cookie domain aspect? I think it may help my current problem. See below:

 

Here is the new problem:

 

Enter the site on the non-secure side (http:), click on "my account"

 

It automatically moves me to the secure side (https://secure.etc...)

 

I enter all of my log in information and create an account, works.

 

Click on "catalog" to go back to the main non-secure page.

 

It shows "Welcome, Milesdavis!" on the non-secure side, so that works..

 

BUT -- here is the problem.

 

If I then click on "checkout" or "my account" it sends me back to the secure side, but without remembering who I am or the fact that I logged in.

 

Now, when I attempt to log in again with the same name and password it gives me a DNS page (an error caused with login.php)

 

So, I was thinking it might have something to do with how the cookies are set-up? I'm very new to this aspect, what do you all think?

 

----

 

Now, this seems like it's starting to work -- but, it might be a problem area if the login information isn't shared correctly. So, I have these options --

 

1.) Will a SSL cert. be part of a online merchant account with Wells Fargo, and if so -- would this be a solution?

 

2.) My hosting co. does offer a dedicated IP, which they say will solve the two set-ups problem. It's reasonably priced at $25 a year.. would this be a smarter route?

 

 

Thanks So much all.

 

-md

Link to comment
Share on other sites

2.) My hosting co. does offer a dedicated IP, which they say will solve the two set-ups problem. It's reasonably priced at $25 a year.. would this be a smarter route?

 

Yes, for the low cost it would save a lot of issues, but note that the charge is likely for the IP address only, and you would still be expected to purchase the SSL Cert.

 

Also try storing sessions in the MySQL database. See the bottom of the 2 configure.php files...

Link to comment
Share on other sites

Yes, for the low cost it would save a lot of issues, but note that the charge is likely for the IP address only, and you would still be expected to purchase the SSL Cert.

 

Also try storing sessions in the MySQL database.  See the bottom of the 2 configure.php files...

 

I think the SSL cert will come through the internet merchant account, I believe wells fargo uses verisign.

 

About the MySQL database storing sessions -- is there something I should change, add to make it work differently than it currently does?

 

thanks!

 

md

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...