marsupial Posted July 29, 2006 Share Posted July 29, 2006 Hi, I have shared SSL setup and if you select login or create new user or just go straight through checkout it works fine, the padlock is shown. My problems are these: 1/ If a user enters the site but does not log in they can add an item to the cart, which is ok because when they go to checkout it asks for them to login. Problem is that after they login it says the cart is empty so when they click the return button the home page says "welcome guest" but the shopping cart shows they have 1 item in it. Upon trying to checkout again it asks to login and so the loop goes around. 2/ The biggest pain I am having is the fact that the user can login and do whatever they like pretty well secured but if they happen to click on the store log which takes them home it isn't https and therefore logs them out and says "welcome guest". Can anybody advise? Stephen Link to comment Share on other sites More sharing options...
♥Vger Posted July 29, 2006 Share Posted July 29, 2006 In includes/configure.php neither your http nor https cookie domains should have either http:// or https:// in them. Some examples: http_cookie_domain = 'www.yourdomain.com' or just 'yourdomain.com' https_cookie_domain with full ssl is same as above but must match how the ssl cert is issued (with or without www.) https_cookie_domain for shared ssl = 'secure.yourhosts.com/yourdomain.com' or something like 'server9.yourhosts.com/~yourdomain' Check with your hosts as to what the shared ssl should be. If you have no ssl then leave https_cookie_domain blank - nothing between the two apostrophies. Vger Link to comment Share on other sites More sharing options...
marsupial Posted July 30, 2006 Author Share Posted July 30, 2006 In includes/configure.php neither your http nor https cookie domains should have either http:// or https:// in them. Some examples: http_cookie_domain = 'www.yourdomain.com' or just 'yourdomain.com' https_cookie_domain with full ssl is same as above but must match how the ssl cert is issued (with or without www.) https_cookie_domain for shared ssl = 'secure.yourhosts.com/yourdomain.com' or something like 'server9.yourhosts.com/~yourdomain' Check with your hosts as to what the shared ssl should be. If you have no ssl then leave https_cookie_domain blank - nothing between the two apostrophies. Vger Vger I think I have everything set as you specified. I have removed things for security reasons but this is what I have and still it does the same thing. <?php /* osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce Released under the GNU General Public License */ // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://mydomain.com.au'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://myhost.com/~mybusiness'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', false); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'mydomain.com.au'); define('HTTPS_COOKIE_DOMAIN', 'mydomain.com.au'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/mybusiness/public_html/catalog/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); // define our database connection define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', 'mybusiness_osc1'); define('DB_SERVER_PASSWORD', 'whatever'); define('DB_DATABASE', 'mybusiness_osc1'); define('USE_PCONNECT', 'false'); // use persistent connections? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' ?> Link to comment Share on other sites More sharing options...
marsupial Posted July 30, 2006 Author Share Posted July 30, 2006 Vger I think I have everything set as you specified. I have removed things for security reasons but this is what I have and still it does the same thing. <?php /* osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce Released under the GNU General Public License */ // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://mydomain.com.au'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://myhost.com/~mybusiness'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', false); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'mydomain.com.au'); define('HTTPS_COOKIE_DOMAIN', 'mydomain.com.au'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/mybusiness/public_html/catalog/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); // define our database connection define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', 'mybusiness_osc1'); define('DB_SERVER_PASSWORD', 'whatever'); define('DB_DATABASE', 'mybusiness_osc1'); define('USE_PCONNECT', 'false'); // use persistent connections? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' ?> Link to comment Share on other sites More sharing options...
marsupial Posted August 2, 2006 Author Share Posted August 2, 2006 This started working ok and now for some reason has gone back to misbehaving. I can't make my site live when it is behaving like this. The only thing I did last night was to change the permissions on the images folder to 755 for security reasons as suggested by another user on this forum. Now it is as simple as if a user logs in they get thrown to the welcome screen which says "welcome <user name>" but as soon as the logged in user selects cart they are asked to log in again. Same if they log in and then select the header graphic which takes them hom it comes up with the login screen but if I select the header again it takes them home with "Welcome Guest". I am at the end with this. I have spent some 40hrs getting the site to where it is ready to go live in a week and now this happens. Can someone please help with any ideas as to what is going on? Link to comment Share on other sites More sharing options...
marsupial Posted August 2, 2006 Author Share Posted August 2, 2006 This started working ok and now for some reason has gone back to misbehaving. I can't make my site live when it is behaving like this. The only thing I did last night was to change the permissions on the images folder to 755 for security reasons as suggested by another user on this forum. Now it is as simple as if a user logs in they get thrown to the welcome screen which says "welcome <user name>" but as soon as the logged in user selects cart they are asked to log in again. Same if they log in and then select the header graphic which takes them hom it comes up with the login screen but if I select the header again it takes them home with "Welcome Guest". I am at the end with this. I have spent some 40hrs getting the site to where it is ready to go live in a week and now this happens. Can someone please help with any ideas as to what is going on? Sometimes it pays not to listen to others but you gotta try. The problem was the new permission settings and shared SSL together. Don't listen to anyone that says you can change the permissions on the image folder as it doesn't work. Leave them at 777 which is a very unfortunate thing. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.