Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL problems


OrionPax

Recommended Posts

Hi,

 

I was wondering if anyone else has experienced this problem, cause frankly it has me quite stumped.

 

I have been working on customizing an installation of OS Commerce on my server, and it works fine on the HTTP side, but when I try to run it on HTTPS I get this problem.

 

When I try to check out, it requires that I do each step 2 or 3 times.

 

I had a similar problem when I tried to run the installer on HTTPS. It would take two or three tries to get to step 2, and then send me right back to step 1 again.

 

I'm not sure if this is an issue with my server or with OS Commerse, but I thought I might get some info from here before I talked to my provider.

 

Thanks in advance!!

Link to comment
Share on other sites

The usual cause for this sort of problem is incorrect settings for HTTPS_SERVER, HTTPS_COOKIE_DOMAIN and HTTPS_COOKIE_PATH in catalog/includes/configure.php. COOKIE_DOMAIn must match the domain name given in HTTPS_SERVER and COOKIE_PATH must match the directory path for your "catalog" pages when connected by SSL. Many new osC users get these wrong (myself included until I figured it out...)

Link to comment
Share on other sites

FYI here is my configure.php settings

 

define('HTTP_SERVER', 'http://www.mydomain.ca'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.mydomain.ca'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.mydomain.ca');

define('HTTPS_COOKIE_DOMAIN', 'www.mydomain.ca');

define('HTTP_COOKIE_PATH', 'www.mydomain.ca/catalog/');

define('HTTPS_COOKIE_PATH', 'www.mydomain.ca/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

should the COOKIE DOMAIN and COOKIE PATH defines include "HTTPS://" ?

Link to comment
Share on other sites

Try this:

 

define('HTTP_COOKIE_DOMAIN', 'mydomain.ca');

define('HTTPS_COOKIE_DOMAIN', 'mydomain.ca');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

Link to comment
Share on other sites

Thanks, Im trying that now...

 

This question might be related:

 

Which files should I have copied over into my httpsdocs folder? should i put all the OSCommerse file in both the httpdocs and httpsdocs folders?

 

The install docs don't mention putting any files on the https server.

 

Should I run the installer on the https server as well as the http server, or just copy over the configure.php file?

Link to comment
Share on other sites

Ok, I just discovered something very stange indeed.

 

When I use Mozilla it works perfectly, without any problems at all.

 

But the problem is still there when I use Internet Explorer.

 

So the problem must be related to how my server is communicating over SSL with the browser...

Link to comment
Share on other sites

On most systems, there is not a separate folder for HTTPS files, which is why the osCommerce documentation doesn't mention it. I would think you'd have to duplicate your osC files there (NOT an actual install) if your web host requires such a thing. What a mess!

 

I do note that the .htaccess which is included in the catalog folder of osC has some code that claims to "fix" something related to SSL for MSIE, though MSIE works fine with SSL on my store.

Link to comment
Share on other sites

Im running on a virtual server with PLESK, and I think thats the way that all PLESK servers handle HTTPS, but I could be wrong.

 

I'll take a look at the .htaccess files, maybe theres a clue there..

 

Thanks

Link to comment
Share on other sites

I was having a similar prob and I set mine up as per Steves reccomendations and it works fine now. Im on a shared ssl so that may be your prob,I set mine up as so;

http cookie domain>my company name.com

https cookie domain>my company name.webhost name.com

http cookie path>catalog/

https cookie path>catalog/

Link to comment
Share on other sites

seriously this problem has me pulling my hair out...

 

Im starting to think that maybe it does have to do with the cookie domain.. but I dont know what else to put as the cookie domain other than mydomain.ca.

 

Im not using shared ssl, as my domain has it's own ssl cert.

 

I've tried deleting the .htaccess files, and I still have the same problem.

 

I've tried changing the configure file in a million different ways, and still no luck.

 

:angry:

Link to comment
Share on other sites

see my post today about problems with using shared ssl and AOL. The config file is listed there works using a similar setup to what you have.

 

http://www.oscommerce.com/forums/index.php?showtopic=69169

 

Also, unless you want to maintain a copy of all your files on both sides of your server, make a redirect page to put on your secoure server to direct users back to the http side after they log in or make a purchase.

 

Log into http://shirleyscathouse.com/catalog to see how it is done if you have any questions, or I can post the code here.

GEOTEX from Houston, TX

 

(George)

Link to comment
Share on other sites

Thanks for your responce, I looked over your post, but it doesnt seem to be the same issue, tho it is similar.

 

it's different because I'm not using a shared ssl cert. My domain has its own certificate, and is running on Plesk.

 

so the http server is: http://www.mydomain.ca/catalog/

and the https server is: https://www.mydomain.ca/catalog/

 

If I upload html or php files into my httpsdocs folder i can access them by going to https://www.mydomain.ca/

 

The weird thing is, if I run the OSC installer on the https side, i have the same issue, and the installer doesnt use cookies as far as I can tell.

 

I have been looking at the code, and I thot it might be related to HTTP_GET_VARS/HTTP_POST_VARS but my tests show that those work on my server. :unsure:

Link to comment
Share on other sites

Hi David [OrionPax],

 

Did you find a solution yet, because I have your exact same problem!

My own domain cert, IE 6.02 problem with setting up an account [need to refresh the page and only then it creates an account], with Mozilla 1.4...no problem.

I just can't seem to find the solution.

 

Does the local php setting: session.cookie_secure Off could do any harm in this?

Meaning, should this be On ?

 

Hope to hear from you soon.

 

 

Regards,

Robert

Link to comment
Share on other sites

Solution found!

 

When [in IE 6.0.2 advanced settings] I uncheck SSL 3.0 [only use SSL 2.0] the problem of NOT be able to create an account are solved!

 

I guess the .htaccess needs an update?

 

Regards,

Robert

Link to comment
Share on other sites

  • 2 weeks later...
Also, unless you want to maintain a copy of all your files on both sides of your server, make a redirect page to put on your secoure server to direct users back to the http side after they log in or make a purchase.

 

Log into http://shirleyscathouse.com/catalog to see how it is done if you have any questions, or I can post the code here.

If you could post this info it would be great, thanks!

Angela

Link to comment
Share on other sites

Solution found!

 

When [in IE 6.0.2 advanced settings] I uncheck SSL 3.0 [only use SSL 2.0] the problem of NOT be able to create an account are solved!

 

I guess the .htaccess needs an update?

 

Regards,

Robert

hmm I tried that too, and it didnt work for me.. I suspect it was a problem with something my host had set up.

 

I changed host providers to get it working.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...