Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Shared Secure Server


webmaster69

Recommended Posts

I am using the current version of osCommerce.

 

With no secure server oscommerce runs perfect.

 

When I use SSL which is shared, I get the 404 error (page not found) when I try to log back in to an account or with the last step when confirming my order.

 

This seems to be a common problem, I spent all day searching the forum but haven't found a cure.

 

I want to use osCommerce with my shared secure server, the question is, is this possible?

 

My SSL is set up as follows:

We have mapped the URL:-

 

https://web1.secure-secure.co.uk/rallyspares.co.uk/ to http://www.rallyspares.co.uk

 

 

As far as I know I have both configure files set up correctly:

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://rallyspares.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://web1.secure-secure.co.uk'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'rallyspares.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'web1.secure-secure.co.uk');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/rallyspares.co.uk/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/rallyspares.co.uk/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

 

Any help from the experts would be great!!!!

Link to comment
Share on other sites

With the low cost of ssl these days, it is best to get your own.

 

Anyhow your SSL variable is wrong, should be:

define('HTTPS_SERVER', 'https://web1.secure-secure.co.uk/rallyspares.co.uk/');

 

Actually, check that...

Also remove rallyspares.co.uk/ from HTTPS cookie and catalog

Link to comment
Share on other sites

With the low cost of ssl these days, it is best to get your own.

 

Anyhow your SSL variable is wrong, should be:

define('HTTPS_SERVER', 'https://web1.secure-secure.co.uk/rallyspares.co.uk/');

 

Actually, check that...

Also remove rallyspares.co.uk/ from HTTPS cookie and catalog

 

If I add /rallyspares.co.uk/ it gets duplicated in the address an nothing the works

Link to comment
Share on other sites

I am using the current version of osCommerce.

 

With no secure server oscommerce runs perfect.

 

When I use SSL which is shared, I get the 404 error (page not found) when I try to log back in to an account or with the last step when confirming my order.

 

This seems to be a common problem, I spent all day searching the forum but haven't found a cure.

 

I want to use osCommerce with my shared secure server, the question is, is this possible?

 

My SSL is set up as follows:

We have mapped the URL:-

 

https://web1.secure-secure.co.uk/rallyspares.co.uk/ to http://www.rallyspares.co.uk

 

Yes osCommerce is compatible, I've got it working.

As far as I know I have both configure files set up correctly:

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

  define('HTTP_SERVER', 'http://rallyspares.co.uk'); // eg, http://localhost - should not be empty for productive servers

  define('HTTPS_SERVER', 'https://web1.secure-secure.co.uk'); // eg, https://localhost - should not be empty for productive servers

  define('ENABLE_SSL', true); // secure webserver for checkout procedure?

  define('HTTP_COOKIE_DOMAIN', 'rallyspares.co.uk');

  define('HTTPS_COOKIE_DOMAIN', 'web1.secure-secure.co.uk');

  define('HTTP_COOKIE_PATH', '/catalog/');

  define('HTTPS_COOKIE_PATH', '/rallyspares.co.uk/catalog/');

  define('DIR_WS_HTTP_CATALOG', '/catalog/');

  define('DIR_WS_HTTPS_CATALOG', '/rallyspares.co.uk/catalog/');

  define('DIR_WS_IMAGES', 'images/');

  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

 

Any help from the experts would be great!!!!

Link to comment
Share on other sites

Yes osCommerce is compatible. A few adjustments and it works great !!!!!!!!!!

 

Must admit I confuse easily - but are you saying that with safemode off and following directions above I can use the shared certificate ?. and all will work oK

 

thanks

 

Geoff

Geoff

 

Telegraph Point 2441

Australia

Link to comment
Share on other sites

Yes, except that this advice is slightly wrong

define('HTTPS_SERVER', 'https://web1.secure-secure.co.uk/rallyspares.co.uk/');

You need to remove the slash on the end of rallyspares.co.uk

 

This is adapted from a working shared ssl site

define('HTTPS_SERVER', 'https://web1.secure-secure.co.uk/rallyspares.co.uk'); // eg, https://localhost - should not be empty for productive servers

define('HTTP_COOKIE_DOMAIN', 'www.rallyspares.co.uk');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

That should do it. Don't forget though, that because you are on a shared ssl the user will get a warning pop-up when switching to SSL mode, because the SSL cert is in the name of your web server and not in your domain name.

 

Vger

Link to comment
Share on other sites

I have got this to work with no errors, including no warning pop-up when switching to SSL mode.

The configuration table in post 1 is exactly right.

On the home page of osCommerce put your mouse over the link 'log yourself in' and then over 'my account' in the top right header.

You will notice if you look in the bottom bar of your browser that you are directed to 2 diferent addresses. The fault only occurs on the 'log yourself in' link, if you change the link to that of the 'my account' in the top right header you will have no problems.

To cure the other problem I sacrificed one of the funtions which I had disabled anyway. The function is the one that keeps a customer up to date on a product. On the 'success page' simply replace the continue link with a relative link back to the home page.

That's it I've done it on a shared server and tested it fully with no errors what so ever!!

Link to comment
Share on other sites

I have got this to work with no errors, including no warning pop-up when switching to SSL mode.

The configuration table in post 1 is exactly right.

On the home page of osCommerce put your mouse over the link 'log yourself in' and then over 'my account' in the top right header.

You will notice if you look in the bottom bar of your browser that you are directed to 2 diferent addresses. The fault only occurs on the 'log yourself in' link, if you change the link to that of the 'my account' in the top right header you will have no problems.

To cure the other problem I sacrificed one of the funtions which I had disabled anyway. The function is the one that keeps a customer up to date on a product. On the 'success page' simply replace the continue link with a relative link back to the home page.

That's it I've done it on a shared server and tested it fully with no errors what so ever!!

 

by following the above I have managed to change the links so that log in etc all point to in my case https://www.telepoint.biz, I then get a page error entering into the https area.

 

the path to my http files is

 

'/home/httpd/vhosts/telepoint.biz/httpdocs/catalog/

and so I assume to my https files is

'/home/httpd/vhosts/telepoint.biz/httpsdocs/catalog/

 

however I have not actually put any files in to the https folders so - is the redirect to https transparent or should I actually locate my oscommerce files in the https folder ?

 

thanks

 

Geoff

Geoff

 

Telegraph Point 2441

Australia

Link to comment
Share on other sites

  • 1 month later...

Hello all,

 

I thought I had hope when I found this thread. Right up my alley. My cure-all, my panacea!! But, noooooo ...

 

I assume that sessions must be stored in mysql FOR THIS TO WORK, as follows in the configure.php

 

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

Is this right? When I do this, I get the following error in short order (one or two clicks):

 

Fatal error: Failed opening required 'includes/languages/.php' (include_path='') in /home3/www/rms-republic/catalog/includes/application_top.php on line 285

 

Now, when I have STORE_SESSIONS blank, it all works, EXCEPT I cannot checkout or otherwise access my shared secure server. When accessing my shared secure server, I then get:

 

----

 

Warning: session_start(): open(/tmp/sess_d84a92630cf019093b354b076397a61e, O_RDWR) failed: Permission denied (13) in /home3/www/rms-republic/catalog/includes/functions/sessions.php on line 67

 

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home3/www/rms-republic/catalog/includes/functions/sessions.php:67) in /home3/www/rms-republic/catalog/includes/functions/sessions.php on line 67

 

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home3/www/rms-republic/catalog/includes/functions/sessions.php:67) in /home3/www/rms-republic/catalog/includes/functions/sessions.php on line 67

 

Warning: Cannot modify header information - headers already sent by (output started at /home3/www/rms-republic/catalog/includes/functions/sessions.php:67) in /home3/www/rms-republic/catalog/includes/functions/general.php on line 29

 

Warning: session_write_close(): open(/tmp/sess_d84a92630cf019093b354b076397a61e, O_RDWR) failed: Permission denied (13) in /home3/www/rms-republic/catalog/includes/functions/sessions.php on line 106

 

Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in /home3/www/rms-republic/catalog/includes/functions/sessions.php on line 106

----

 

I assume, because the /tmp file is NOT on the secure server, it can't find the session.

 

To fix this problem, I've read that I must store sessions in mysql. But, if I do that, I get the previously mentioned error.

 

I'm at a complete loss, having tried to work this out for three days, reading all the forums. Yes, I did RTFMS!!! Perhaps it's an ID-10-T or PEBKAC problem?

 

I guess I can get my own secure server. But others have gotten their solution. Why not me, too? Oh well, I guess it's coal in my stocking this Xmas.

 

Any help would be greatly appreciated.

 

TIA.

 

Marty >_<

Link to comment
Share on other sites

Well, I got it working!!

 

Changed my configuration.php as follows:

 

changed the 'define('HTTPS_COOKIE_DOMAIN'' to the same as HTTP_COOKIE_DOMAIN

 

define('HTTP_COOKIE_DOMAIN', 'www.mydomain.com');

define('HTTPS_COOKIE_DOMAIN', 'www.mydomain.com');

 

This is with a blank: define('STORE_SESSIONS', '');

 

And it all works (at least from what I can see). I hope this helps someone else.

Link to comment
Share on other sites

if your store_sessions is blank, and will not work with mysql in there, your php.ini needs modification.

 

magic_quotes_gpc = On

magic_quotes_runtime = On

to

magic_quotes_gpc = Off

magic_quotes_runtime = Off

Link to comment
Share on other sites

Hello John,

 

Yippeeee!!! :D

 

Now, it all seems to fall into place.

 

Alright, use Store Sessions 'mysql', but now leave blank, as follows:

 

define('HTTPS_COOKIE_DOMAIN', '');

 

Thanks for the slightly early Christmas gift.

 

Regards,

 

Marty

Link to comment
Share on other sites

On a shared ssl I find that it works if you leave https cookie domain empty. I have multiple shared ssl sites working in just that way. I think it has to do with the fact that the shared ssl domain is not your website's domain.

 

Vger

Link to comment
Share on other sites

Found one other problem on a shared SS:L server. After you successfully complete your order, a press on the Continue button produces a 404 Page not Found error.

 

Found this bug in a shared SSL server environment. Followed urchin.nl's May 26, 2004 suggestion for modification of general.php at:

 

http://www.oscommerce.com/forums/index.php?showtopic=74717&st=10

 

And it worked fine, redirecting to the start page.

 

Good work, urchin.nl!!!

 

I'm not much at this, but this change works - so I would suggest that you consider this change on releases.

 

This Bug Reported at: http://www.oscommerce.com/community/bugs,1429

 

Marty

Link to comment
Share on other sites

  • 2 weeks later...

I don't know what 'particular instance' you have in mind. If you have a full ssl then the https cookie domain and path should definitely be filled in. If on a shared ssl then it's a judgement call as to whether you input anything for https_cookie domain or path. I find that on my servers it works by not putting anything in there (on a shared ssl).

 

Vger

Link to comment
Share on other sites

I don't know what 'particular instance' you have in mind.  If you have a full ssl then the https cookie domain and path should definitely be filled in.  If on a shared ssl then it's a judgement call as to whether you input anything for https_cookie domain or path.  I find that on my servers it works by not putting anything in there (on a shared ssl).

 

Vger

 

It was the particular instance of the shared ssl that I was curious about.

I have seen posts where the HTTPS_COOKIE_PATH was filled in to match the HTTP one and sometimes not.

 

As you say it doesn't seeem to matter in this case.

 

Thanks.

 

Dave.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...