shawkes (Posted July 17, 2005):

I have searched and searched and have not found the answer to this problem. I have my site set up to return to the page you were on before login, but if the page was not a secure page, it redirects to the same page but on the secure server. This is causing security alerts on index.php and a Forbidden message on product_info.php. I just want it to return to the non-secure page instead of the secure page for non-secure pages. I am using a shared SSL, if that makes a difference. What am I missing? It is probably a very simple fix (I hope), but I just can't get it to work.

Thank you for your time,
Sean Hawkes

Guest (Posted July 17, 2005):

If a customer clicks to login, they stay on the secure page until taken to a different page which does not require login. Are you forcing login before they do anything else?

shawkes (Posted July 17, 2005):

> If a customer clicks to login, they stay on the secure page until taken to a different page which does not require login. Are you forcing login before they do anything else?

They are taken to an SSL version of index.php instead of non-SSL, and this gives security warnings. index.php does not need to be viewed from the SSL server.

Sean Hawkes

AlanR (Posted July 17, 2005):

> They are taken to an SSL version of index.php instead of non-SSL, and this gives security warnings. index.php does not need to be viewed from the SSL server.
>
> Sean Hawkes

You've got a problem in the configure.php file, or the server you're on responds a little differently than osC expects it to. A link would help.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux
Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Guest (Posted July 17, 2005):

If I understand correctly what you're seeing, it's completely normal.

When you login, you are redirected from an http page to an https page. Less to more security. No problem.

After login, if you were redirected from a secure page to an insecure page, your browser would *always* complain that this was a potential security risk. Therefore, after you login, the majority of the links that you get are http:// links, so that you're taken back to a non-secure connection except for those things that need to be secure (i.e. account info, order info, etc.). You have to click on the insecure links, as opposed to being auto-redirected to an insecure link, so that your browser won't yell at you.

Having your browser tell a customer that they're being redirected from a secure page to an insecure page is not likely to inspire confidence in your site's security.

-jared

FalseDawn (Posted July 17, 2005):

Correct. This is a built-in "feature" of every modern browser. The problem occurs when you use tep_redirect (change the headers) to go from a secure page to a non-secure page without user intervention, often when there is POST data involved, too. The warning can be turned off in the user's browser, but not many do, so you'll need another solution. It is not a problem when the user actually clicks a link to do the same.

If you are redirecting from login to another page automatically after login (and if your login is https, which I assume it is), that page will have to be https:// or the warning will appear.

stevel (Posted July 17, 2005):

The redirect to a secure version of the page is intentional and is designed to avoid the problem FalseDawn describes. Once you're on the target page, further links will be to the non-SSL version.

Steve
Contributions: Country-State Selector Login Page a la Amazon Protection of Configuration Updated spiders.txt Embed Links with SID in Description

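Added example, not part of the thread and not osCommerce's own code: a sketch of the post-login redirect behaviour FalseDawn and stevel describe, where a return URL saved from a non-SSL page is mapped onto the SSL base so the automatic redirect never leaves HTTPS. The function name, the two base-URL constants and the sample URLs are hypothetical, constructed for a shared-SSL layout.

```php
<?php
// Added example: hypothetical helper, not osCommerce's own code.
// Constructed base URLs for a shared-SSL store, where the secure base
// differs from the plain one in host and path, not just in scheme.
const STORE_HTTP_BASE  = 'http://www.example-store.test/catalog/';
const STORE_HTTPS_BASE = 'https://secure.example-host.test/~store/catalog/';

/**
 * Pick the URL for the automatic redirect that follows a login.
 * $returnUrl is the page the customer was on before logging in;
 * $onHttps says whether the login request itself arrived over SSL.
 */
function post_login_target(string $returnUrl, bool $onHttps): string
{
    $currentBase = $onHttps ? STORE_HTTPS_BASE : STORE_HTTP_BASE;
    $fallback    = $currentBase . 'index.php';

    // A Location header must never carry CR/LF taken from input.
    if (preg_match('/[\r\n]/', $returnUrl)) {
        return $fallback;
    }

    foreach ([STORE_HTTPS_BASE, STORE_HTTP_BASE] as $base) {
        if (strncmp($returnUrl, $base, strlen($base)) === 0) {
            // Keep the page and query string, swap only the base, so a
            // login over SSL lands on the SSL copy of the same page.
            return $currentBase . substr($returnUrl, strlen($base));
        }
    }

    // Not one of the store's own URLs: send the customer to the index.
    return $fallback;
}

// Constructed sample return URLs, all processed as if login ran over SSL.
$samples = [
    'http://www.example-store.test/catalog/product_info.php?products_id=7',
    'https://secure.example-host.test/~store/catalog/account.php',
    'http://other-site.test/landing.php',
];
foreach ($samples as $url) {
    echo $url, "\n  -> ", post_login_target($url, true), "\n";
}
```

For the first sample the target is the same product page under the secure base, which only works if that path is actually served from the SSL location.
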
shawkes (Posted July 17, 2005):

OK, I understand that now, but if I try to log in while viewing a product page, the redirect to the secure page fails and says "You don't have permission to access /product_info.php on this server." Is this a problem with my SSL setup?

Sean Hawkes

stevel (Posted July 17, 2005):

Yes, it is. Are you on a host that requires you to put SSL content in a separate place? If so, you'll have to duplicate your store in the SSL location.

Steve

shawkes (Posted July 17, 2005):

> Yes, it is. Are you on a host that requires you to put SSL content in a separate place? If so, you'll have to duplicate your store in the SSL location.

No, I do not have to duplicate it, but I will try some changes to configure.php and see if that fixes it.

Sean

shawkes (Posted July 17, 2005):

OK, I found the problem contribution: Ultimate SEO URLs. If I disable that, things work right again. Thanks for all the info.

Sean Hawkes

stevel (Posted July 17, 2005):

SEO URL contribs cause more problems than they solve, in my opinion.

Steve

This topic is now archived and is closed to further replies.