Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

Problems during CHECKOUT

magicsenses

By magicsenses
in General Support

Recommended Posts

xronis

xronis

Posted
Posted
I get the lock in IE

 

why are yous ending people on SSL into your shop? there is no need to do so. The pw protection is for the test phase?

sorry monica but i don't understand what y are saying

you seeing the site?

xronis

xronis

Posted
Posted
sorry monica but i don't understand what y are saying

you seeing the site?

ok sorry

the pw is because is not ready yet

in IE SAYS ABOUT SECURE AND NON SECURE ITEMS.i know what this is about

few links are under the ssl,some aren't. but what can i do for the rest which should not be encrypted?

and not getting these messages

 

p.s nothing of this in mozzila

jdvb

jdvb

Posted
Posted
hey Monica please tell mw what's wrong.as you see it's a shared cert.i can't log in as a customer

/e-shop/includes/configure.php

define('HTTP_SERVER', 'http://hellasfon.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://storm.secureguards.com/~hellas1'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'hellasfon.com');

define('HTTPS_COOKIE_DOMAIN', 'https://storm.secureguards.com/~hellas1');

define('HTTP_COOKIE_PATH', '/e-shop/');

define('HTTPS_COOKIE_PATH', 'https://storm.secureguards.com/~hellas1/e-shop/');

/admin/includes/configure.php

define('HTTP_SERVER', 'http://hellasfon.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://hellasfon.com');

define('HTTPS_CATALOG_SERVER', 'https://storm.secureguards.com/~hellas1');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

Session Directory /tmp

Force Cookie Use true

Check SSL Session ID true

Check User Agent false

Check IP Address False

Prevent Spider Sessions true

Recreate Session true

the first config file the https cookie is not set correct, not entirely sure if it works on separate urls, setting http cookie to include a http:// will disable that cookie too, and thus disable cookies all together, setting the https cookie right (without https://) might let it work both, have not looked in how the cookies are stored, if ssl is enabled two cookies should be stored, instead of just one, this might not be set to be so. I doubt this being the case, and expect it to fail. A hack should then be aplied to store a second cookie in order to use the shared ssl.

 

jdvb is my config ok?

let's take this step by step

thanks

this was step 1 I think...

 

either disable cookies, and thus enable the ssl (sessions in the url).

or see that two cookies are stored (perhaps a hack required).

Monika in Germany

♥Monika in Germany

Posted
Posted

if you alter any setting to what jdvb told you, I cannot help you any more ... sorry.

 

af for Mozilla, in this case IE is the more nitpicking one. You have either added http banners or urchin tracking for google, or anything else hardcoded in http. All extras included should be in https, or as with google tracking, only used if you are on non-SSL pages . A simple if/else will do that, there is also a contribution for it I believe.

:-)

Monika

 

addicted to writing code ... can't get enough of databases either, LOL!

 

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

 

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

xronis

xronis

Posted
Posted
if you alter any setting to what jdvb told you, I cannot help you any more ... sorry.

 

af for Mozilla, in this case IE is the more nitpicking one. You have either added http banners or urchin tracking for google, or anything else hardcoded in http. All extras included should be in https, or as with google tracking, only used if you are on non-SSL pages . A simple if/else will do that, there is also a contribution for it I believe.

 

it's me again Mon

i run a php script to see the server response

so for

 

https://storm.secureguards.com/~hellas1/e-shop/env.php i get

 

$HTTP_HOST == storm.secureguards.com

$HTTPS_HOST ==

getenv('SERVER_PORT') == 443

getenv('HTTPS') == on

getenv('HTTP_X_FORWARDED_SERVER') ==

getenv('HTTP_X_FORWARDED_HOST') ==

getenv('HTTP_X_FORWARDED_BY') ==

$_SERVER['HTTPS'] == on

getenv('DOCUMENT_ROOT') == /home/storm/public_html

$DOCUMENT_ROOT == /home/storm/public_html

 

and for

http://www.hellasfon.com/e-shop/env.php i get

 

$HTTP_HOST == www.hellasfon.com

$HTTPS_HOST ==

getenv('SERVER_PORT') == 80

getenv('HTTPS') ==

getenv('HTTP_X_FORWARDED_SERVER') ==

getenv('HTTP_X_FORWARDED_HOST') ==

getenv('HTTP_X_FORWARDED_BY') ==

$_SERVER['HTTPS'] ==

getenv('DOCUMENT_ROOT') == /home/hellas1/public_html

$DOCUMENT_ROOT == /home/hellas1/public_html

 

how will i have all elements in https so that lock in Explorer invokes?

and that "both secure and no secure items" message disappear?

P.S i have the lock when i browse from mozzila

 

any comment will be helpfull ,thanks

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...