Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL Configuration


princecharming

Recommended Posts

The login page goes into secure mode but after loging in it gives you a warning that the information can be seen by others. This is not acceptable because customers don't like to see such warnings and it shouldn't be happening because I've seen many oscommerce sites that don't have such a problem.

I have also noticed that in the secure pages I see the https but I don't see the padlock in my browser which makes me wonder if the page is secure at all.

For now I have secured the whole website so the customers wouldn't get the warning and I've also noticed that the padlock is there now that the whole site is secured.

 

Here's my configure.php

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'https://www.princecharming.ca'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.princecharming.ca'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.princecharming.ca');

define('HTTPS_COOKIE_DOMAIN', 'www.princecharming.ca');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

Does anyone know how to fix such problems? I can't keep my whole site secure as the search engines can't scan it.

Link to comment
Share on other sites

 

Thanks for the info. I checked the application_top and found that since I moved my cart from netfirms.com to a different host, line 41 had the netfirms.com configuration and looked like this

$request_type = (stristr(getenv('HTTP_X_FORWARDED_HOST'), ".sslpowered.com")) ? 'SSL' : 'NONSSL';

but when I changed it to

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

all the secure pages show the padlock now.

 

Still one more problem thoug. When you login you're taken to a nonsecure page therefore the warning that the information can be seen by others.

 

Would you know how to fix this remaining small problem?

 

Thanks

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...