Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Secure vs Unsecure


nitchimon

Recommended Posts

I got OSC up and running. Great program!

But I ran into something VERY weird.

 

I have SSL on a windows box and the non-ssl version on a Linux box. When a "guest" is viewing the contents and putting things into their cart, its fine. If they go to "checkout", usually no problem logging in and completing this order.

 

But, when the order is complete I have noticed a few things.

 

1) Upon completion of the order, the user does NOT get redirected back to the NON-SSL site, but instead is directed back to the beginning within the SSL site.

I would think that after placing an order AND completting it via SSL, the person should be redirected back to the main catalog site, not the SSL site.

 

2) When the user signs on and finishes the order. They are still logged in. When I push them back over (or manually go back to the non-ssl catalog) to the non-secure site, I see that the shopping cart is still there with the items.

IF they log out, the cart goes away. They log back in, the cart is empty.

I would think that this might confuse a user? I knwo it confused me :)

 

3) Is there any place or "manual" that I can refer to for certain things I want to update, remove or add ?

 

TIA for the help!

 

Enjoy!

 

 

Nitch

------------------------------------------

Nitchimon

 

Motto for today:

I went to school to become a wit. But I only made it half way.

Link to comment
Share on other sites

As a follow up:

 

2 weird things when dealing with 2 servers. Non-SSL main site, SSL site on another machine.

 

1) When the order is complete, the the final "thanks" page does not go back to the non-SSL page and server. Anyone else have this problem ?

 

2) When you go to the SSL server, the images for "whats new" and other images are not located on the SSL site. Do you have to duplicate *all* of the images and item images for the non-SSL site/Server?

 

 

Another question:

Are there any plans for OSC to be able to store the images within the database itself ? This I would think woudl alleviate the problem of duplicate images. Also, it might be faster in the long run to store the images and retreive them. This plus when you delete an item, the image automatically gets removed as well.

 

 

TIA!

------------------------------------------

Nitchimon

 

Motto for today:

I went to school to become a wit. But I only made it half way.

Link to comment
Share on other sites

2) When you go to the SSL server, the images for "whats new" and other images are not located on the SSL site. Do you have to duplicate *all* of the images and item images for the non-SSL site/Server?

 

You're not supposed to duplicate *any* images, or *any* files in the SSL site/folder. All off the files stay in one place, you do not move copies of them anywhere. You are only supposed to direct the customers *through* the SSL path (even if your SSL domain is different from your regular domain) and back to your regular site.

 

In other words, http://youdomain.com/includes/images/button.gif and https://SSLocked~username/includes/images/button.gif should both display the exact same gif from the exact same folder, /home/username/public_html/includes/images/button.gif on your non SSL domain.

-------------------------------------------------------------------------------------------------------------------------

NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.

If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help.

Link to comment
Share on other sites

Yes, that's true IF both the SSL and non-SSSl are located on the same server.

 

BUT what about if they are not ?

 

I've got that scenerio that the non-SSL is located on a linux box and the shared SSL is located on a (shudders to admit this) windows box.

2 totally different locations

 

The images are uploaded by the "admin" onto the linux box into a folder and when a user goes to sign in, they are redirected to the SSL machine for sign-in and/or orders processing.

 

yes, thsi also means I have 2 seperate sets of code. One on the Linux box and 1 on the Windows box. BOTH sets of code using the same database

 

 

I've read in various places on the forums where people have done just this. My question is are they REALLY 2 seperate machines? or just 1 machine with 2 different domains pointing to the same folder.

 

 

ALSO,

I have it as http://www.mycatalogdomain.com is the non-SSL with this looking at the images/ directory.

On the SSL side,

I have it as https://www.securestore.com/[name of store]... THIS does work BUT of course when they go to the SSL section, they are NO longer on the linux box. Same information fed throught he databases, BUT the images all reside on the linux box.

 

 

Again, I've seen peopel do this and they say it works.... or did they do some tweaking ?

 

 

ENjoy!

 

Nitch.

------------------------------------------

Nitchimon

 

Motto for today:

I went to school to become a wit. But I only made it half way.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...