Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

shouldn't use shared SSL?


webarton

Recommended Posts

Hello, I post my question already but no replies. I've been wondering for few days and have no solution yet.

I'm sorry I'm posting again.

 

I have set up osCommerce on my shared server. I'm also using a shared SSL certificate for some pages which need secure transactions.

I'd like to remove osCsid for secure transactions but according to this page, the http domain should pass osCsid to https state as it's the way to bypass the transaction.

 

Does it mean I can't remove osCsid if I keep using shared SSL and should use a dedicated SSL?

 

Cound anyone give me some advice?

Thanks

 

osCommerce 2.2-MS2

Link to comment
Share on other sites

Hi Aki

 

You researched your problem, and that is great.

Someone on a shared server should be able to help.

Ithink (but I am not sure) you need to change your temp directory in admin.

Link to comment
Share on other sites

not possibble with a shared SSL you can not use cookies.

and if you want to get rid of that url You need cookies.

 

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Link to comment
Share on other sites

Thanks Leslie and Satish,

 

I might have to get a dedicated SSL...

But if I shouldn't use a shared SSL, I wonder why some hosting services say that you can set up osCommerce on their server but they only allow their shared SSL and don't allow to use a dedicated SSL.

Link to comment
Share on other sites

I may not be understandng the problem but there's no reason not to use a shared ssl. The question you asked wa show to remove the SID from a secure url. That is a different matter. There's really no reason to remove the SID from those url's except for appearance. If that is what you want, then you would need a private ssl. Otherwise, your shop should work fine. As for the host, if they only offer a shared ssl, my guess is they are not a real host or can't afford the expense of carrying the IP's. In order to offer private ssl's, a private IP must be used and those are not just handed out. So they probably are not able to order the IP's, for whatever reason, which means they can't allow private certs.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Thanks Jack, I understand why some hosting services only allow a shared SSL.

 

I'd like to remove osCsid from secure and not secure URL for a security reason.

 

If someone logs onto the site, browses products, copies the url and pastes it in BBS or forum or something, other people could visit the site via the URL.

But the problem is that the other people could login as the person who posted the link and therefore see their personal information etc.

I'm worried someone could see my customer's information when the URL is shown with osCsid like below;

https://test.securesslhost.net/~test/accoun...p;osCsid=xxxxxx

 

So I'm wondering how people solve this security probrem if they have a shared SSL.

Link to comment
Share on other sites

The problem with removing the SID has already been answered. I can't imagine why one would copy a link to their checkout page but I suppose it could happen. Using a private SSL should fix that.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

The problem with removing the SID has already been answered. I can't imagine why one would copy a link to their checkout page but I suppose it could happen. Using a private SSL should fix that.

 

Jack

 

Thanks Jack, I'm sorry I couldn't find the topic which has an ansewer of the problem with SID and I wan't confident with my thought. Now it's clear and I'll use a private SSL.

 

Thanks again.

aki

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...