damianbunn Posted March 14, 2007 Posted March 14, 2007 SSL is installed on my site. The site is accessed using HTTP: however the checkout process is secured using SSL. The header changes to HTTPS: as expected. I go through the payment process and finish the checkout and continue back to the front page. Upon returning to the front page I get the nonsecure items warning message and notice that the URL still starts with HTTPS: where I would have expected it to go back to HTTP. Is there a way I can fix this to force it to go back to HTTP: Here is my includes/configure.php define('HTTP_SERVER', 'http://www.<mydomain>.com'); define('HTTPS_SERVER', 'https://www.<mydomain>.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.<mydomain>.com'); define('HTTPS_COOKIE_DOMAIN', 'www.<mydomain>.com'); define('HTTP_COOKIE_PATH', '/eShop/catalog/'); define('HTTPS_COOKIE_PATH', '/eShop/catalog/'); define('DIR_WS_HTTP_CATALOG', '/eShop/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/eShop/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/kwlc/public_html/eShop/catalog/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); And from the admin configure.php // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'https://www.<mydomain>.com'); define('HTTPS_SERVER', 'https://www.<mydomain>.com'); define('HTTP_CATALOG_SERVER', 'http://www.<mydomain>.com'); define('HTTPS_CATALOG_SERVER', 'https://www.<mydomain>.com'); define('ENABLE_SSL_CATALOG', 'false'); define('DIR_FS_DOCUMENT_ROOT', '/home/kwlc/public_html/eShop/catalog/'); // where the pages are located on the server define('DIR_WS_ADMIN', '/eShop/catalog/admin/'); // absolute path required define('DIR_FS_ADMIN', '/home/kwlc/public_html/eShop/catalog/admin/'); // absolute pate required define('DIR_WS_CATALOG', '/eShop/catalog/'); // absolute path required define('DIR_FS_CATALOG', '/home/kwlc/public_html/eShop/catalog/'); // absolute path required define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/'); define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/'); define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
Guest Posted March 14, 2007 Posted March 14, 2007 What needs to be fixed is the method you used to insert images on the homepage of your site. Sounds like you coded them using something like: <img src="http://www.yoursite.com/images/picture.gif"> and that's the problem. When your site kicks into secure mode, any images that are being pulled from HTTP will throw a warning about secure and non-secure items when the site switches to HTTPS mode. You need to change how you're calling those images from the above to this: <img src="../images/picture.gif"> The above is just an example. If you're pulling your images from another folder other than the one I used...images...just replace the word images with whatever your folder is called that stores those images. All you're doing is removing any reference to HTTP so that your site displays all images whether or not the user is in HTTP or HTTPS mode. Hope that helps.
damianbunn Posted March 15, 2007 Author Posted March 15, 2007 Thanks for the response. I have changed to the images are pulled back from HTTPS instead, the issue really is though having checked out and returned back to the front page should it not go back to HTTP rather than staying as HTTPS on the front page. Once I browse to any of the other pages having returned from check out they are all quite rightly changed back to HTTP. I know that this is not really causing any harm but the thing is this does not look very professional and people may to start to have doubts about the security of the site. I believe I know where the problem is occuring. I run a script on the main page that display content from another database. If I could use a variable to provide a valid domain be it http or https then I believe it would resolve the problem. Rgds Damian
damianbunn Posted March 15, 2007 Author Posted March 15, 2007 I believe I know where the problem is occuring. I run a script on the main page that display content from another database. If I could use a variable to provide a valid domain be it http or https then I believe it would resolve the problem. Yes this is the problem, it uses it own base url which is set to http:// So really what I want to achieve is a way in which having continued from the checkout when it returns to the front page can this always be http instead of https. Damian
Recommended Posts
Archived
This topic is now archived and is closed to further replies.