Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL works, but logon is redirected


slc02722

Recommended Posts

Posted

When I create a new account everything works fine. The padlock appears when I?m on a secure page and it goes away if I?m not.

 

The problem is when I log in as a returning customer. I get the following message from Internet Explorer:

 

You are about to be redirected to a connection that is not secure.

 

The information you are sending to the current site might be retransmitted to a nonsecure site. Do you wish to continue?

 

I choose ?yes? and I?m sent to index.php (non-secure). I?m logged in and everything else works fine.

 

I don?t want returning customers to have this message.

 

Any ideas?

 

thanks

Posted
When I create a new account everything works fine. The padlock appears when I?m on a secure page and it goes away if I?m not.

 

The problem is when I log in as a returning customer. I get the following message from Internet Explorer:

 

You are about to be redirected to a connection that is not secure.

 

The information you are sending to the current site might be retransmitted to a nonsecure site. Do you wish to continue?

 

I choose ?yes? and I?m sent to index.php (non-secure). I?m logged in and everything else works fine.

 

I don?t want returning customers to have this message.

 

Any ideas?

 

thanks

I think you'll find that as you are re-opening the site on the same PC it is remembering your cookies from the last visit was an https page so to test delete cookies then go to your site home page again (It shouldn't give the warnings)

 

Kind Regards,

Michelle.

Posted

Did you make any change to application_top.php to get the ssl working correctly?

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted

I set it up application_top.php like this:

 

$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

the results of myenv.php:

 

http:

HTTP HOST: www.paintballtx.com

Server Port: 80

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By:

 

https:

HTTP HOST: www.paintballtx.com

Server Port: 443

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By:

Posted

After a lot of reading I made this change to catalog/includes/functions/general.php:

 

if ( (ENABLE_SSL == true) && (getenv('HTTP_X_FORWARDED_HOST') == '') ) { // We are loading an SSL page

 

 

It works fine now, but I think I could have saved a lot of time if I knew what a 1&1 server is. I felt too dumb to ask b/c it?s used over and over in this forum.

Posted
After a lot of reading I made this change to catalog/includes/functions/general.php:

 

if ( (ENABLE_SSL == true) && (getenv('HTTP_X_FORWARDED_HOST') == '') ) { // We are loading an SSL page

It works fine now, but I think I could have saved a lot of time if I knew what a 1&1 server is. I felt too dumb to ask b/c it’s used over and over in this forum.

Nope, you should make it like so:

 

if ( (ENABLE_SSL == true) && (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';) ) { // We are loading an SSL page

 

Just think through it, I can't describe every eventuality in the posts.

 

1&1 is a hosting company.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted

Too many parenthesis in that post, ignore it.

 

if ( (ENABLE_SSL == true) && (getenv('SERVER_PORT') == '443') ) { // We are loading an SSL page

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted
if ( (ENABLE_SSL == true) && (getenv('SERVER_PORT') == '443') ) { // We are loading an SSL page

 

That was the first thing I tried. It seemed obvious. It didn't work.

 

This worked perfectly:

if ( (ENABLE_SSL == true) && (getenv('HTTP_X_FORWARDED_HOST') == '') )

In fact I tried about a dozen combinations before I got the one that worked. If I've still made a mistake, please let me know what it is.

 

Also - thanks for all your help. :thumbsup:

Posted
That was the first thing I tried. It seemed obvious. It didn't work.

 

This worked perfectly:

if ( (ENABLE_SSL == true) && (getenv('HTTP_X_FORWARDED_HOST') == '') )

In fact I tried about a dozen combinations before I got the one that worked. If I've still made a mistake, please let me know what it is.

Well, since you're on dedicated ssl and (getenv('HTTP_X_FORWARDED_HOST') == '') will always be true you could just replace that line with:

 

if (ENABLE_SSL == true) { // We are loading an SSL page

 

which is kind of counterproductive.

 

;)

 

Basically what you are doing is setting:

 

<base href="https://www.paintballtx.com/">

 

for every redirect whether you're coming from an http link or an https link. It will eliminate any warnings for sure but it also means you're pulling images from https when you don't need to.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...