Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

Security Warning on Returning from Completed Paypal payment


Recommended Posts

I'm still in the middle of configuring things, but now have Paypal Standard working. However, after the paypal transaction completes, I get the following in a box titled security warning:


Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.


Are you sure you want to continue sending this information?


Is there something I can change about my configuration in oscommerce to stop this, as I think it might scare some customers. This message was seen with Firefox.





Link to comment
Share on other sites

You need to get a SSL Certificate, have it added and ssl enabled on your hosting and configure your cart to use SSL. (in the file includes/configure.php )

Link to comment
Share on other sites

Is this message happening on an osC SSL-protected page, or on a PayPal SSL-protected page? If the latter, is it right when you're supposed to be coming back to an osC page? If it's a page in osC that's supposed to be SSL-protected (it has 'SSL' in the tep_href_link call), and you do not have SSL set up on your site, that might have triggered the warning. Eventually, you have to link from an SSL page to a non-SSL page, so it must be a misconfiguration somewhere.

Link to comment
Share on other sites

I don't understand what's going on. Is someone really looking at your /store/index.php? That should not be under SSL (https). Only selected pages which need the extra security (https) should be getting it, and do automatically when SSL is enabled in configure.php files.

Link to comment
Share on other sites

  • 1 month later...

Hi Dan,


The issue can occur when a secure page is sending POST data or session data back to an insecure page. It is a browser level warning.


If you intall an SSL cert on your site and make sure oscommerce does things via the SSL then your cart will send a return URL to Pay PaL that is https. You won't see that warning any more because your customers will then be moving from an SSL protected location (Pay Pal) back to another secure location (your site) .


SSL certs are not too expensive, you should deffinatly have one anyway.


Best regards




Accept credit cards online > safely process offline

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...