You are being redirected to an insecure page

[imagic]

At the end of the checkout process, there is a continue button on the last page. When you click on this button, you get the popup box that says you are being redirected to an insecure page, do you really want to do this?

 

My ssl pages are working well for the checkout process, but the only way I can see to get around this error message is to use the ssl server url for the http_server in the configure.php file. But I don't want to have to do that because then the whole cart is working through the ssl server and I don't want to put that burden on the server.

 

Do I have something set up wrong or is this just the way osc works?

 

Thanks for your help!

[Guest]

It's just the way that SSL works. When you leave a secure page (like checkout) to return to an insecure page (like index.php), it will display a warning.

 

Hth,

Matt

[imagic]

So when you buy something at amazon.com, you get that popup box? The answer is no. This is something that only unprofessional shopping carts would show.

[pearsall]

Lisa,

 

I have a quick question because I think you are beyond the issue that I am having with osCommerce.

 

When you refer to the continue button at the end of the order and then the warning box that asks if you are sure you want to leave a secure page, are you talking about the continue button on the osCommerce page that confirms the product the client ordered and also let's the customer check off whether they want more information about the product in the future.

 

If so, does your continue button really take you back to your regular url's catalog because that is the problem I'm having. I'd be interested in seeing your configuration files or your 2Checkout payment module file so I can figure this out (with your information removed of course for your own privacy). I'm at my witts end with this. That is all that I need osCommerce to do and so far I've spent 12 hours with coding and about 4 hours reading this board. I just noticed your post and saw that you seem to be beyond that problem.

 

Am I correct? Does your continue button actually take you back to the catalog for your regular store and not your SSL store?

[Guest]

So when you buy something at amazon.com, you get that popup box? The answer is no. This is something that only unprofessional shopping carts would show.

I just tried it with amazon. I reset my preferences in IE so that it would show the warning (I usually turn it off in the browser). I logged on to my account on amazon (a secure page) and then clicked on one of the products in my cart (a normal page), and it displayed the warning (both times, in and out).

 

So, yes, it happens on Amazon as well. The only ways to avoid this from the server side are to use either SSL or non-SSL pages for the entire site.

 

There may be ways to order from Amazon without triggering the warning. For example, if you use one-click ordering, it might never go to secure mode. However, any time you switch between secure and insecure modes, the browser will throw the warning if it is configured to do so (which is the default). This will happen on *any* site that uses both modes.

 

Cheers,

Matt

[Guest]

You can always just change the re-direct so that it goes to a secure page rather than the standard page and avoid the warning. In newer versions of OSCommerce it is about line 29 of checkout_success.php

 

    tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string));

 

You should be able to change it to something similar to:

 

    tep_redirect(tep_href_link(FILENAME_DEFAULT, 'SSL', $notify_string));

[Guest]

Oops..actually it should probably look more like this:

 

    tep_redirect(tep_href_link(FILENAME_DEFAULT, ' ' , 'SSL',$notify_string));

 

And it is probably not a bad idea to change the submit to SSL as well:

 

<td align="right" class="main"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE, 'SSL'); ?></td>

[Guest]

Also while you are at it you will probably want to change a line in your catalog/login.php around line 65 to:

 

          

tep_redirect(tep_href_link(FILENAME_DEFAULT, ' ', 'SSL'));

 

You will get a redirect warning there as well if you are a returning customer and login before placing items in your cart and hitting checkout. Just create an account, logoff (you will get a warning there as well if you hit continue), then click on login, enter password, etc., and click login...it will give you a warning on re-direct.

 

To remove the warning on the logoff continue button change this portion in catalog/logoff.php to look like this:

 

                <td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, ' ', 'SSL') . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE, 'SSL') . '</a>'; ?></td>

 

None of these popup warnings are real important as they do not occur in sensitive payment info type screens, but IMO it is never a bad thing to try to minimize all warnings that could possibly happen as a customer navigates your site.