Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

Unnecessary SSL!!!

siavash

By siavash
in General Support

Recommended Posts

siavash

siavash

Posted
Posted

for some reason or other when i check some normal pages (the ones that do not need to be SSL secured like a product info or listing) the SSL kicks in!! it happns mainly when i change the mnufacturer in the dropdown in the product listings or when there are many products listed and customer had to click next page. this puts un-needed strain on SSL etc. it wasn't like this before i updated some products. i reckon it has got to do with images but can't really figure it out!

 

any help will be appreciated.

 

cheers.

Did you try? Did you fail? No matter! Try again. Fail again! But fail better!

siavash

siavash

Posted
  • Author
Posted
for some reason or other when i check some normal pages (the ones that do not need to be SSL secured like a product info or listing) the SSL kicks in!! it happns mainly when i change the mnufacturer in the dropdown in the product listings or when there are many products listed and customer had to click next page. this puts un-needed strain on SSL etc. it wasn't like this before i updated some products. i reckon it has got to do with images but can't really figure it out!

 

any help will be appreciated.

 

cheers.

 

any ideas anyone?

Did you try? Did you fail? No matter! Try again. Fail again! But fail better!

Guest

Guest

Posted
Posted

have you modified any of the code for ssl?

post your configure.php without the database info.

siavash

siavash

Posted
  • Author
Posted
have you modified any of the code for ssl?

post your configure.php without the database info.

 

i haven't modifies anything at all! especially the config and ssl related file. it's been untouched for agaes. i have included the configure.php below and a link to my site if you wanna test.

 

the other thing hat happens is that when ii create a ralative link it comes out as a scure link automatically with HTTPS!!!

 

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.example.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.example.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.example.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.example.com');
 define('HTTP_COOKIE_PATH', '');
 define('HTTPS_COOKIE_PATH', '');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/.../htdocs/...');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', 'mydatabaseserver'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', 'root');
 define('DB_SERVER_PASSWORD', 'root');
 define('DB_DATABASE', 'mydatabase');
 define('USE_PCONNECT', 'true'); // use persistent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

 

cheers.

Did you try? Did you fail? No matter! Try again. Fail again! But fail better!

ozcsys

ozcsys

Posted
Posted

I just checked out your site and I could not duplicate your problem.

The Knowledge Base is a wonderful thing.

Do you have a problem? Have you checked out Common Problems?

There are many very useful osC Contributions

Are you having trouble with a installed contribution? Have you checked out the support thread found Here

BACKUP BACKUP BACKUP!!! You did backup, right??

siavash

siavash

Posted
  • Author
Posted
I just checked out your site and I could not duplicate your problem.

 

 

Strange! I tested/accessed the site again from a different PC from a different network and the problem is still there. do the following and check:

 

1. choose for example, laptops, the top category

2. once in product listing, on top use the pull down and change the brand from show ALL Brands to Acer or Samsung

 

OR

 

1. from the "Shop by Brand" below the categories select a manufacturer for instance, Sahara.

2. if the HTTPS isn't already there, click the "...Next>>>" on top of the listing to go to the second page

 

in both cases you will notice that SSL will kick in unnecessarily!

 

Also, when i put a relative link on a page that causes the new page link to be in SSL! for example the picture on the main page is linked relatively. i.e i have linked it to a category like this: 

<img border="0" [B]src="images/axgardoon/rotate.php"[/B] width="600" height="401" align="center" alt="still use one of these? upgrade your life...">

 

now if you right click on the image and see the image properties you will notice that the location of the image starts with HTTPS (https://www.cia...).

the file rotate.php if a normal non-SSL file and the folder where it is located is in the images/axgardoon which is a normal non-SSL !!

 

apart from potential un-needed strain on SSL there is also the problem of the securtity pop-up. all together it's a real pain in the ass for the site visitor and me!

 

any further insights into this malarkey!

Did you try? Did you fail? No matter! Try again. Fail again! But fail better!

Vger

♥Vger

Posted
Posted

Well, yes, it is happening as you describe. But it does not generate warning pop-ups because your ssl certificate is a full certificate. Admittedly it slows the site down.

 

This is just a shot in the dark, but are you hosted with 1and1 by any chance?

 

Vger

siavash

siavash

Posted
  • Author
Posted
Well, yes, it is happening as you describe.  But it does not generate warning pop-ups because your ssl certificate is a full certificate.  Admittedly it slows the site down.

 

This is just a shot in the dark, but are you hosted with 1and1 by any chance?

 

Vger

 

 

yes, that's it 1and1. has it got anything to do with it? it shouldn't, should it?

 

it seems to me as a problem with my store! what wold you suggest?

Did you try? Did you fail? No matter! Try again. Fail again! But fail better!

Vger

♥Vger

Posted
Posted

Did you apply the fix, posted in this forum, to get images on https pages to be called from the https web address? This involved changing a NON SSL setting to SSL didn't it? If you did then I think you've found your problem!

 

Vger

siavash

siavash

Posted
  • Author
Posted
Did you apply the fix, posted in this forum, to get images on https pages to be called from the https web address?  This involved changing a NON SSL setting to SSL didn't it?  If you did then I think you've found your problem!

 

Vger

 

errrm...i'm not quiet with you! can you please explain? which fix? if you know where the link to the post is can you please stick here in this thread. others might benefit from it as well if they bump into this topic in future.

 

cheers

Did you try? Did you fail? No matter! Try again. Fail again! But fail better!

siavash

siavash

Posted
  • Author
Posted

 

have been on that forum before. i had posted something back in July. the thing is i did the fix and all was working fine ever since. it has happened again without me doing anything relevant.

 

strange! any idea what could have triggered it?

Did you try? Did you fail? No matter! Try again. Fail again! But fail better!

Vger

♥Vger

Posted
Posted

Well, first of all, that fix wasn't tested out by any of the Team Members - but a few of the more experienced contributors to the forums did warn that it may cause problems further downthe road.

 

Don't know why you are getting this problem now and not before, but it could be almost any change made to the servers - security patches, upgrades on control panels, sql, php etc.

 

The real problem is 1and1 - other people didn't get the problem that 1and1 customers did.

 

Vger

siavash

siavash

Posted
  • Author
Posted
Well, first of all, that fix wasn't tested out by any of the Team Members - but a few of the more experienced contributors to the forums did warn that it may cause problems further downthe road.

 

Don't know why you are getting this problem now and not before, but it could be almost any change made to the servers - security patches, upgrades on control panels, sql, php etc.

 

The real problem is 1and1 - other people didn't get the problem that 1and1 customers did.

 

Vger

 

thanks for your support. i finally fixed it!!! it seems. i simply undid the fix and after A FEW trials it worked alll of a sudden!!! very weired. it wasted my whole day!

 

would appreciate it if you could test and see it REALLY is fixed now.

 

thanks.

Did you try? Did you fail? No matter! Try again. Fail again! But fail better!

Vger

♥Vger

Posted
Posted

Working fine for me now.

 

The earlier problem with 1and1 was (I think) for people who were using their shared ssl certificate. Your site has a full ssl certificate, so you probably did not need to apply the fix.

 

Vger

siavash

siavash

Posted
  • Author
Posted
Working fine for me now.

 

The earlier problem with 1and1 was (I think) for people who were using their shared ssl certificate.  Your site has a full ssl certificate, so you probably did not need to apply the fix.

 

Vger

 

 

again! that was a premature solution! the HTTPS case was resolved but the padlock does not show in Internet Explorer and in Firefox there's a lock with a slash thru it meaning the page is not fully secured/encrypted!

 

when i apply the fix discussed regarding 1and1 and shared SSL (http://www.oscommerce.com/forums/index.php?showtopic=72486) the lock shows but the original problem with unnecessary SSL emerges again!

 

what should I do? HELP! :'(

Did you try? Did you fail? No matter! Try again. Fail again! But fail better!

siavash

siavash

Posted
  • Author
Posted
again! that was a premature solution! the HTTPS case was resolved but the padlock does not show in Internet Explorer and in Firefox there's a lock with a slash thru it meaning the page is not fully secured/encrypted!

 

when i apply the fix discussed regarding 1and1 and shared SSL (http://www.oscommerce.com/forums/index.php?showtopic=72486) the lock shows but the original problem with unnecessary SSL emerges again!

 

what should I do? HELP!  :'(

 

solution in the end!!!!

 

you need to make the following changes:

 

find this line in your catalog/includes/application_top.php (around line 40)

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

and change : getenv('HTTPS') == 'on' to getenv('HTTPS') == '1'

or replace the line by this:

 

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

 

i learn about this in a recent oscommrece bug report: http://www.oscommerce.com/community/bugs,1...tions+&+Classes

 

thanks to Uwe Loyal and other guys.

Did you try? Did you fail? No matter! Try again. Fail again! But fail better!

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...