wbhendrix Posted February 2, 2008 Posted February 2, 2008 i was looking for a fix so that when people went to my site it automatically went to https.. to accomplish this, i used the following module/htaccess code (linked below)... everything works great, except when i have items in my cart and i try to delete them, i get a security warning and then it refreshes the page w/out deleting the item.... anyone know whats goin on? thanks http://www.oscommerce.com/community/contri...earch,Admin+SSL music. love. harmony.
germ Posted February 2, 2008 Posted February 2, 2008 Why do you want the whole site in SSL mode? :unsure: It slows it down, and I've also heard it hurts your search engine rankings.... :huh: If you wanted the whole "shebang" in HTTPS, I think you could accomplish that in your /catalog/includes/configure.php file. Like this: define('HTTP_SERVER', 'https://yoursite.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://yoursite.com'); // eg, https://localhost - should not be empty for productive servers Just make the HTTP_SERVER definition the same as your HTTPS_SERVER, whatever that may be. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
wbhendrix Posted February 4, 2008 Author Posted February 4, 2008 Why do you want the whole site in SSL mode?:unsure: It slows it down, and I've also heard it hurts your search engine rankings.... :huh: If you wanted the whole "shebang" in HTTPS, I think you could accomplish that in your /catalog/includes/configure.php file. Like this: define('HTTP_SERVER', 'https://yoursite.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://yoursite.com'); // eg, https://localhost - should not be empty for productive servers Just make the HTTP_SERVER definition the same as your HTTPS_SERVER, whatever that may be. thats a good point about the search engine rankings an speed of site... how can i make it to where it only goes to ssl when say you go to page mysite.com/login.php.. but when it goes there, it needs to stay secure for the duration of the session... is that easy? music. love. harmony.
wbhendrix Posted February 4, 2008 Author Posted February 4, 2008 could anyone give me a step by step instruction (im super newb) on how to change whatever files i need to change so that only certain php files are automatically ssl? music. love. harmony.
♥FWR Media Posted February 4, 2008 Posted February 4, 2008 could anyone give me a step by step instruction (im super newb) on how to change whatever files i need to change so that only certain php files are automatically ssl? I just wrote something like this HERE Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work.
germ Posted February 4, 2008 Posted February 4, 2008 Just an FYI, Ben... osC just goes "secure" for "sensitive info" page (login, payment, account create/edit). I don't know if there's a way to make it stay "secure" for every page after logging in (i.e. "the duration of the session"). Normal operation is to be "secure" for login, then revert back to "non secure" until SSL is necessary again. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
wbhendrix Posted February 4, 2008 Author Posted February 4, 2008 alright that works too.. so does that mean i post the following code in my configure.php file an thats it? define('HTTP_SERVER', 'https://yoursite.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://yoursite.com'); // eg, https://localhost - should not be empty for productive servers music. love. harmony.
germ Posted February 4, 2008 Posted February 4, 2008 What Robert was helping with in the link in his post: define('HTTP_SERVER', 'http://www.mysite.com'); define('HTTPS_SERVER', 'https://www.mysite.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', '.mysite.com'); define('HTTPS_COOKIE_DOMAIN', '.mysite.com'); If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
germ Posted February 4, 2008 Posted February 4, 2008 And I should mention, this entry: define('HTTPS_SERVER', 'https://www.mysite.com'); May need to be: define('HTTPS_SERVER', 'https://mysite.com'); Depending on how your SSL certificate is registered, with or without the WWW. If you're using shared SSL, you'll need to contact your Host to find out what the SSL URL needs to be. ;) If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
♥FWR Media Posted February 4, 2008 Posted February 4, 2008 What Robert was helping with in the link in his post: define('HTTP_SERVER', 'http://www.mysite.com'); define('HTTPS_SERVER', 'https://www.mysite.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', '.mysite.com'); define('HTTPS_COOKIE_DOMAIN', '.mysite.com'); That's assuming that your cert is set up as https://www.mysite.com and NOT https://mysite.com it's easily done when buying a cert on the fly. Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work.
wbhendrix Posted February 4, 2008 Author Posted February 4, 2008 thanks man you guys helped alot! everythings working as far as i know... music. love. harmony.
♥FWR Media Posted February 4, 2008 Posted February 4, 2008 And I should mention, this entry: define('HTTPS_SERVER', 'https://www.mysite.com'); May need to be: define('HTTPS_SERVER', 'https://mysite.com'); Depending on how your SSL certificate is registered, with or without the WWW. If you're using shared SSL, you'll need to contact your Host to find out what the SSL URL needs to be. ;) Too fast for me Jim :D Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.