Guest Posted May 28, 2009 Posted May 28, 2009 Hi all, I was looking for SSL solution for my site and found that my web host offers shared SSL (which is ok for testing purposes). Anyways I followed instructions found in these forums and it works almost perfectly until I noticed something not quite right. When I access "My Account", the page becomes https, which is how it should be. When I log in, I can see the account information and orders etc etc. Then I select a product by going to a manufacturer (or by categories). All these other pages are not secured (no https) for some reason, even though I am still logged in. I don't think it's supposed to do that? Every page should be https after a user has logged in, is that right? Regardless, I try and add a product to my cart and I find that even my shopping cart has no https. However, when I click on "Shopping Cart" from the navigation bar, it is secured (has https). Both pages are shopping_cart.php. I don't understand why one is secured and the other is not. With regard to Paypal, I could see that a customer will have to register for a Paypal account if they want to continue. I remember doing my old site and clients didn't have to sign up for Paypal (they could choose). Is this something that I've done wrong or has Paypal made changes so now everyone that uses their site MUST be registered? I don't look forward to forcing new customers to register twice if they haven't got Paypal (one for my store, the other for Paypal)... Thanks very much in advance.
acbatchelor Posted May 28, 2009 Posted May 28, 2009 there is nothing wrong with your SSL. you only need https on pages with sensitive information (like their account, their checkout). the product pages have info that everybody who visits the site can see so https is not needed.
Guest Posted May 28, 2009 Posted May 28, 2009 Thanks, that explains the products pages, but what about the shopping cart pages? I think shopping carts should be https, correct? At any rate, when I add a product to the cart, the shopping cart has no https, but when I click on the "Shopping Cart" link on the navigation bar, it does have https. Both are shopping_cart.php. So any idea why that is?
acbatchelor Posted May 28, 2009 Posted May 28, 2009 no, the shopping cart page does not have to be https. my site does not have it. if you look at the live shops page and check out other sites, they do not have https on their shopping cart. if you look at big company websites like walmart, they do not have it either. the shopping cart page does not have sensitive information. it's the same info anyone else will see if they add products to their cart.
MrPhil Posted May 31, 2009 Posted May 31, 2009 I suppose that for some customers, they'd like to have the whole thing encrypted. Say, I'm shopping on an "adult" oriented site, and never mind what I've got in my cart, I'm nervous about people finding out simply that I'm "here". Or, I'm shopping for adult diapers and Preparation H in 55 gallon drums because I, uh, have "problems". I could see SSL on everything might make potential customers a bit more comfortable about shopping there. Of course, that would slow down communications, but it might be worth it to gain a customer. Is there any way to put the entire site under SSL if I enter it https://www.store.com? The system would need to detect the use of https: and possibly (.htaccess?) set a flag somewhere to use SSL at all times. Just some random thoughts...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.