Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL connection


Marmelo

Recommended Posts

There is no need to use SSL for the Admin Tool. The connection to the database is secure, and your admin tool is username and password protected. There is no sensitive data (credit card numbers etc) stored in the admin directory so you can ignore this message.

 

If you decide you still want to use SSL for the admin tool - set enable_SSL in your admin configure.php file to true and insert the appropriate URL's in this file.

Link to comment
Share on other sites

  • 3 weeks later...
There is no need to use SSL for the Admin Tool. The connection to the database is secure, and your admin tool is username and password protected. There is no sensitive data (credit card numbers etc) stored in the admin directory so you can ignore this message.

 

If you decide you still want to use SSL for the admin tool - set enable_SSL in your admin configure.php file to true and insert the appropriate URL's in this file.

I'm planning to install the AIM payment module and want to secure admin with ssl for mysql import / export. Edited admin/includes/configure.php as below.

 

define('HTTP_SERVER', 'https://secure.Myhost/~userName');

define('HTTPS_SERVER', 'https://secure.Myhost/~userName');

define('ENABLE_SSL_CATALOG', 'true');

 

However, admin is not secure. Now I'm getting the following message when go to catalog > admin:

 

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/UserName/public_html/catalog/admin/includes/configure.php:1) in /home/UserName/public_html/catalog/admin/includes/functions/sessions.php on line 67

 

I set: admin > configuration > sessions > session directory to : tmp (removed the" /")

 

no change

 

checked Mysql db configuration_title: Session Directory > configuration_value: "tmp" ok

 

but still get warning? am I missing something trying to secure admin with ssl?

 

does anyone know how I can remove "headers already sent" warning? I've tried all fixes in the forum including inserting

if (STORE_SESSIONS != 'mysql') { // added this line to turn off this checking if storing session info in db

in In catalog/includes/functions/sessions.php, and catalog/admin/includes/configure.php.

 

Thanks for any help, scot

Link to comment
Share on other sites

ok here's the fix for everyone:

 

to secure admin with ssl: edit catalog/admin/includes/configure.php

define('HTTP_SERVER', 'https://secure.MyHost.com/~MyUserName'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'http://www.MyDomain.com');
define('HTTPS_CATALOG_SERVER', 'https://secure.MyHost.com/~MyUserName');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

The lock symbol in the admin cpanel is not reliable so check your browser address to insure it's secure.

As for the warning:

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/UserName/public_html/catalog/admin/includes/configure.php:1) in /home/UserName/public_html/catalog/admin/includes/functions/sessions.php on line 67

look at "output started at path", and find the last file in the path. In above warning it's the admin configure.php. Open that file and look for a "rouge" space before the opening <?php tag, our after the closing ?> tag and remove it.

 

cheers, scot

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...