Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Shared SSL


pcferreira

Recommended Posts

Hi all!

 

I have a problem that I didn't solve yet. Please anyone can help?

 

I am using a shared SSL in my server.

 

When I add a product to the shopping cart and I am going to checkout, I am redirected to the login page. Everything is ok until I enter my login and password.

 

After this I should be in my shipping information, that's obvious... but sometimes, or I can say, many times, I am redirected to the shopping cart and it says it is empty.

 

I don't know why this is happening...

 

Thanks.

 

PS: I made this template: RPGZ but I am still working on it!!!!!

PC

Link to comment
Share on other sites

Your session is not making it over to the SSL side. Make sure that "Force Cookie Use" is set to "false" in admin (under sessions). You cannot use this option with shared SSL.

 

The other usual cause of this error is making HTTPS_COOKIE_DOMAIN the same as HTTP_COOKIE_DOMAIN when using shared SSL. The COOKIE_DOMAINs must match the domains of the corresponding SERVER defines.

Link to comment
Share on other sites

Your session is not making it over to the SSL side. Make sure that "Force Cookie Use" is set to "false" in admin (under sessions).  You cannot use this option with shared SSL.

 

The other usual cause of this error is making HTTPS_COOKIE_DOMAIN the same as HTTP_COOKIE_DOMAIN when using shared SSL.  The COOKIE_DOMAINs must match the domains of the corresponding SERVER defines.

 

My configure.php:

 

define('HTTP_SERVER', 'http://rpgz.com.br'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.rpgz.com.br/~rpgz'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.rpgz.com.br');

define('HTTPS_COOKIE_DOMAIN', 'www.rpgz.com.br/~rpgz');

 

Now everything is working....

 

Thanks...

PC

Link to comment
Share on other sites

Ok - the important thing is that HTTPS_COOKIE_DOMAIN is different from HTTP_COOKIE_DOMAIN for shared SSL. You'll find a session ID in the URL of all your https pages, but that's ok.

Link to comment
Share on other sites

Yes, it is normal to have SIDs in the https pages with shared SSL, even if the browser accepts cookies. Theoretically, the SID should disappear on the second page in https as well, but I have not been successful in doing that, despite trying various values for HTTPS_COOKIE_DOMAIN. I haven't spent the time to analyze the problem as I don't consider it a big deal.

Link to comment
Share on other sites

PS: I made this template: RPGZ but I am still working on it!!!!!

 

I like what you've done to the left colum very nice, sorry that i cant help with your problem, just had to congratulate you on your work in progress

Link to comment
Share on other sites

Yes, it is normal to have SIDs in the https pages with shared SSL, even if the browser accepts cookies.  Theoretically, the SID should disappear on the second page in https as well, but I have not been successful in doing that, despite trying various values for HTTPS_COOKIE_DOMAIN.  I haven't spent the time to analyze the problem as I don't consider it a big deal.

 

stevel i made a mistake what i ment was i have sid actually in my files ex:Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

define('NAVBAR_TITLE', 'Create an Account');

 

define('HEADING_TITLE', 'My Account Information');

 

define('TEXT_ORIGIN_LOGIN', '<font color="#FF0000"><small><b>NOTE:</b></font></small> If you already have an account with us, please login at the <a href="%s?osCAdminID=aa2ea8defb333a322c0723263761770a"><u>login page</u></a>.');

 

define('EMAIL_SUBJECT', 'Welcome to ' . STORE_NAME);

define('EMAIL_GREET_MR', 'Dear Mr. %s,' . "\n\n");

 

is that normal?

thanks again Don

Link to comment
Share on other sites

You certainly don't want that! It's wrong on several counts. It should look something like:

 

define('TEXT_ORIGIN_LOGIN', '<font color="#FF0000"><small><b>NOTE:</b></font></small> If you already have an account with us, please login at the <a href="'.tep_href_link(FILENAME_LOGIN,"","SSL") .'"><u>login page</u></a>.');

Link to comment
Share on other sites

this is the original file catalog/inc/lang/eng/create_account.php that came with it is it incorrect then?

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

define('NAVBAR_TITLE', 'Create an Account');

 

define('HEADING_TITLE', 'My Account Information');

 

define('TEXT_ORIGIN_LOGIN', '<font color="#FF0000"><small><b>NOTE:</b></font></small> If you already have an account with us, please login at the <a href="%s"><u>login page</u></a>.');

 

define('EMAIL_SUBJECT', 'Welcome to ' . STORE_NAME);

Link to comment
Share on other sites

Hmm - I'm away from my sources so I can't check. But if there's an sprintf call in create_account for this, then it would be ok. Definitely the osCAdminID field does not belong there.

Link to comment
Share on other sites

i just went in and deleted the sid and i tested my site and it did send me to the login page from create account any idea how sid got there had some in login .php also think mi admin config file may be set up wrong.i have cookie path blank for https.cookie path for other config file is secure.bluehost .com should both files be set up the same?

 

many ,many thanks for help!!!!!

DON

Link to comment
Share on other sites

HTTPS_COOKIE_DOMAIN should contain the domain (and only the domain) from HTTPS_SERVER. The COOKIE_PATH defines should typically be just '/'. It's not clear to me how these are used.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...