Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

User is logged off when leaving SSL & Security Warnings

glenda

By glenda
in General Support

Recommended Posts

glenda

glenda

Posted
Posted

Hi, I've been at this for a few days now. Searching the forum and trying every possible fix I can find for these problems I'm having. Please help me fix this!!!!!

 

Using:

Ians Loaded5

Shared SSL

iPowerWeb hosting

Test Site - http://www.plazmaart.com/rocknroll/

login.php - http://www.plazmaart.com/rocknroll/login.txt

application_top.php - http://www.plazmaart.com/rocknroll/application_top.txt

 

Security Warnings

The "Page contains secure and nonsecure items..." warning pops up when entering SSL. I get no padlock when I click yes, it shows up only when I click no in IE 6.02. This warning pops up on every single SSL page, but when viewimg the source it looks like everything is secure...I can't tell what is insecure.

*Note: Netscape 7.02 seems to work fine.

 

User logged off when leaving SSL

Everytime a user leaves SSL they are automatically logged off.

 

Somebody please help me :!:

 

Thanks :wink:

Mary

compugeek2003

compugeek2003

Posted
Posted

Glenda,

 

I took a look at your pages and the first thing that I came across that is causing the insecure items warning is your freestats link. It is linking back to the page through an http//: link and not an https//: link. Try disabling the freestats and see if that solves your problem.

 

Two other items of note:

 

1. I tested your site on IE6 and NS7 and they both showed the secure icon.

 

2. I also use IPowerWeb and have not had an issue with the insecure item warnings.

 

I hope this helps.

 

Eric

chfields

chfields

Posted
Posted

I tried your site using NS7 and it showed secure without warnings, althoufgh it did log me out when I left the secure pages. I don't kno what to tell you about that. BTW I signed up as test, you will want to delete that customer.

glenda

glenda

Posted
  • Author
Posted

Eric: I've got 2 sites running on my plazmaart.com domain, I think you must have gone to the wrong one. I'm talking about the Rock 'N' Roll site where I have no stats tracker. I looked at the source and don't have any http:// images. Is there anything else that could cause the nonsecure warning?

 

http://www.plazmaart.com/rocknroll/

 

Are you using loaded5 with your iPowerWeb site? Did you have to make ANY changes to get rid of the security warnings or did they never pop up in the first place.

 

chfields: Thanks for confirming that.

 

Thanks for your help guys!!!

Mary

compugeek2003

compugeek2003

Posted
Posted

Glenda,

 

Sorry about going to your other site.

 

I did come across something else that I am pretty sure is causing the problem. I took a look at your stylesheets. In them are some references to background images such as:

 

http://www.plazmaart.com/rocknroll/imagesbg.gif

 

Try changing the image references to relative links. This will probably solve your problem.

 

Eric

glenda

glenda

Posted
  • Author
Posted

Thank you SOOO much Eric :!: I didn't even think about the images in the stylesheet. I can't believe I spent all that time trying to figure out such a simple problem. Oh well...it's fixed now!

 

Now I've only got to figure out why everytime a user leaves SSL they are automatically logged off.

 

Do you have any ideas on this one?

 

Thanks again!

Mary

compugeek2003

compugeek2003

Posted
Posted

Glenda,

 

I'm glad it fixed your problem.

 

Do you by any chance have a test user account setup for your store so I can see exactly what is happening regarding the ssl logoff? If not, do you mind if I make up an account? I would be more than happy to take a look to see if I can find what is causing the problem. (If you have a test user account I could use, but don't want to post it to the public you could pm it to me.)

 

Eric

glenda

glenda

Posted
  • Author
Posted

Go ahead and create a test account, this is just a temporary store and will never be live on the plazmaart domain.

Mary

compugeek2003

compugeek2003

Posted
Posted

Glenda,

 

It appears that somehow when a user goes from an SSL page to an unsecure page that the sessions for the user are being unregistered. What we need to do is find out where this is happening.

 

Can you do a search/find of your complete site for all of the web pages that include the following line of code?

 

tep_session_unregister('customer_id');

 

This is one of the lines of code that unregisters a session when a user logs off. It should be located in your logoff.php file. I would be interested to see if it is located any where else.

 

Another bit of information that could be helpful is seeing what pages redirect or link to the logoff.php file. You could search your site for this code:

 

FILENAME_LOGOFF

 

There are actually 2 versions of this file. One of them is in the languages directory and the other is in the root of the catalog directory. The one in the catalog directory is the one we are interested in.

 

Maybe this information will give us something to go on. As well, it would be helpful to know what version of osC you are using.

 

Eric

glenda

glenda

Posted
  • Author
Posted

Hi Eric,

 

I'm sorry for not responding to you sooner. I was car shopping all weekend. That can be so boring.

 

I did a search for the code and here are the results.

 

tep_session_unregister('customer_id');

gc_redeem.php

logoff.php

 

FILENAME_LOGOFF

logoff.php

application_top.php

header.php

 

I think it may be a problem with loaded5. I say this because I've got 2 sites on loaded5 and they both act sort of the same way regarding the logoff.

http://www.plazmaart.com

http://www.plazmaart.com/rocknroll

 

You know how the when the customer is logged in, the header has a logoff link, well in my plazmaart store the "Logoff" link disappears when leaving SSL but the user is still logged in and can access their account by clicking "My Account" without having to login again. In the Rock 'N' Roll store the link disappears and the customer is actually logged out. So I think the problem lies in header.php and has something to do with:

 

tep_session_is_registered('customer_id')

I'll play with it a bit more and see if I can make it work. Please let me know if anything comes to mind. Thanks!!!

Mary

glenda

glenda

Posted
  • Author
Posted

Eric helped me figure this out. I'll post the solution incase anyone else is having the same problem.

 

There is a conflict between my shared SSL and Ian's SID Killer which comes installed in his Loaded5. I simply uninstalled the SID Killer and poof* away went my problems.

Mary

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...