Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Shared SSL, cookies and cart


josegaal

Recommended Posts

I have been reading a lot of posts on the forums and it seems that there is not a concrete answer to the problem with Shared SSL connections.

 

I made my site work with my hosting provider (ipowerweb) sared ssl connection. And I have the problem a lot of people have: if I am not logged in as a customer, and I put something in my cart, it wont pass to the cart after I login into the sssl protected session.

 

People talk about cookies, and the configuration on the configure.php files (both admin and main). I have tried everything (force cookies, not force them, change all the strings on the config files, etc.) but still have the same problem... And the ssl works fine, it is only the problem with the cart thing.

 

Is there a place where I can read about the sessions stuff and cookies handling? I mean to understand better how it works on OSC.

 

Someone has a site working with shared ssl, and the cart passes the info when logged and when not logged in? Or maybe this is an incompatible situation and will never happen.

 

All help will be very welcome, and thanks in advance for the time ypu take to answer this. I have been three full days on this!!!!!!!

Link to comment
Share on other sites

the main thing is your configure.php, if it is setup properly or not. ipowerweb has a section on how to set it up. post the top half of your config file, we can take a look.

Link to comment
Share on other sites

the main thing is your configure.php, if it is setup properly or not. ipowerweb has a section on how to set it up. post the top half of your config file, we can take a look.

Hi Joe, yhanks for your reply. Here is my configure.php:

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.consumibles-mexico.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://gmsvideo.ipower.com/shop'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.consumibles-mexico.com');

define('HTTPS_COOKIE_DOMAIN', 'https://gmsvideo.ipower.com/shop');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Link to comment
Share on other sites

remove this form the https cookie domain

 

ttps://

 

dont they have server numbers or did they change things now?

Link to comment
Share on other sites

remove this form the https cookie domain

 

ttps://

 

dont they have server numbers or did they change things now?

Well, ipowerweb migrated to a new platform recently. It is based on a shared server environment, so things have changed a lot.

 

I tried removing the https:// and didn't work...

 

Thanks again

Link to comment
Share on other sites

Your problem is, even allowing for the shared ssl, you've got the http site on one domain and the https site on another domain entirely.

 

Vger

Hi Vger. Actually that's the way my ISP (ipowerweb) works with shared ssl. They asked me to put the https folder to http://gmsvideo.ipower.com/folder where the shop is, and my main URL is http://www.consumibles-mexico.com

 

Altough the protected area works fine, all the internal OSC links get confusing. For example, if I am signed on as a client and I am on the secured area, and try to click on some link, it takes me to the non secure URL...

 

I have spent hours and hours ont te forums an no one has answered this yet, as far as I have seen.

 

Any help will really, really be appreciated sinc I can't launch mysite.

Link to comment
Share on other sites

Hi Vger. Actually that's the way my ISP (ipowerweb) works with shared ssl. They asked me to put the https folder to http://gmsvideo.ipower.com/folder where the shop is, and my main URL is http://www.consumibles-mexico.com

 

Altough the protected area works fine, all the internal OSC links get confusing. For example, if I am signed on as a client and I am on the secured area, and try to click on some link, it takes me to the non secure URL...

 

I have spent hours and hours ont te forums an no one has answered this yet, as far as I have seen.

 

Any help will really, really be appreciated sinc I can't launch mysite.

 

Hi,

The moment you put in the full link it will revert back to http://

Get the documentation on osCommerce and read page 79 to 86 it will fully explain and give you some samples.

Link to comment
Share on other sites

josegaal,

 

I totally empathise with your situation as I have the exact same problem and am now dizzy from reading about all the various suggestions and options.

 

One thing is clear, the osCommerce checkout DID work before we updated PHP/Apache (i.e., with shared ssl) but for the life of me I cannot figure out what specific changes have caused the shopping cart to be empty after pressing the checkout button. It is so perplexing that no one can point me in the right direction.

 

All I can conclude is that it is something to do with the session data which is not being passed to the https side of things (same server IP by the way not a separate server). And as I said it DID used to work so it MUST surely be possible.

 

If you, or anyone, finds the answer to this problem, please please please let me know - I will be for ever in your debt!

 

[blood, sweat and tears - makes me wish we never got involved with osCommerce in the first place :(]

 

FYI: I have already tried editing the /include/configure.php script ad nauseum.

Link to comment
Share on other sites

  • 1 year later...

Hi,

 

It took me hours to find out how to get shared SSL working for my HostCentric hosted Catalog. But in the end it worked allthough I am not sure if it solves the problems stated in this thread. I got an order through!

 

I had expected to see https:// on the opening page of my catalog (after opening index.php) This made me search and search for a solution while it turned out that the ssl is only activated on cart checking-out pages...

 

Here is my catalog/includes/configure.php for HostCentric shared SSL

 

<?php

define('HTTP_SERVER', 'http://www.mydomain.com');

define('HTTPS_SERVER', 'https://myaccount.hostcentric.com/mydomain.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.mydomain.com');

define('HTTPS_COOKIE_DOMAIN', 'https://myaccount.hostcentric.com/mydomain.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

...

 

Here is my catalog/admin/includes/configure.php

<?php

define('HTTP_SERVER', 'http://www.mydomain.com');

define('HTTP_CATALOG_SERVER', 'http://www.mydomain.com');

define('HTTPS_CATALOG_SERVER', 'https://myaccount.hostcentric.com/mydomain.com');

define('ENABLE_SSL_CATALOG', 'true');

 

I am only not so sure about the HTTPS_COOKIE_DOMAIN setting, but so far it works.

 

The folder structure on HostCentric for <myaccount> is:

/mydomain.com

/catalog

 

The catalog opens with http://www.mydomain.com/catalog

The direct link to the shared ssl is https://myaccount.hostcentric.com/mydomain.com/catalog/

 

Maybe this helps for future reference...

 

Thanks for the info in the thread as the ipowerweb syntax put me on the right track...

Link to comment
Share on other sites

Oops...

 

Forget about the admin/includes/configure.php changes. That makes admin unavailable....

 

But fortunately the shared SSL is still working without the admin changes.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...