Guest Posted December 30, 2004 Posted December 30, 2004 I have a big problem a customer just reported. If you are on our site and add a product to your cart and you login, you are in SSL mode and you receive a lock icon. However, when you go to the page to enter your credit card information the lock disappears. The URL still includes HTTPS. https://secure.certfx.com/checkout_payment.php If you want to view it on our site I created a test user. username: [email protected] password: oscommerce Any input is greatly appreciated. Jason Collier
♥Vger Posted December 30, 2004 Posted December 30, 2004 You have off-site links which are http. I think you'll find that this is your problem. Vger
Guest Posted December 30, 2004 Posted December 30, 2004 Vger, You think the Amazon.com infobox is causing the problem?? I checked out the "Manage Account" link on Amazon.com as it uses SSL and it also has the same problem. And they have several links to non-SSL, so I think you are right, just can't believe that would cause it though. How is a link to a non-secure page causing IE not to report the session encrypted. Jason Collier
♥Vger Posted December 30, 2004 Posted December 30, 2004 Basically, if anything on the page is not https then the page is not secure. Vger
Guest Posted December 31, 2004 Posted December 31, 2004 Hmm, the Amazon box appears on other pages and the lock icon is there. In fact, everything looks about the same. When I go to edit the account info, the lock reappears (along with all the other stuff like the Amazon box). I just looked at your source (right click then click View Source) on the page you gave, the logged in page (with missing icon) and the the change billing address page (with icon reappearing) In the first and third pages, your base href is https://www.secure.certfx.com and for the one in the middle (without the icon) your base href is http://www.certfx.com. I had this problem when I fired up my site and it had to do with how my server needed to be told to go secure. In your case it may be different because you're using a subdomain for the secure connection, right? Maybe it is in your includes/configure.php settings. I've seen folks post the contents of the file and it has often shown the problem right away. Try that and we'll have a look. Be sure to XXXXX out private things like your database password. Specifically, I'd look at the definitions for http and https server and cookie paths. I'm pretty much a newb, but I'm happy to help if I can.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.