Loosing secure connection when adding items to cart

[gilby]

https://smockingbooks.com/bookstore/...php?main_page=

This doesn't have the "www" in it that you said you have done?

Make sure that you change the attributes on the configure.php files before uploading the edited version. Otherwise they won't be updated (and you won't be told it failed)

[frank18]

This doesn't have the "www" in it that you said you have done?

Make sure that you change the attributes on the configure.php files before uploading the edited version. Otherwise they won't be updated (and you won't be told it failed)

@motherwestwind

gilby means file permissions not attributes. Set them to 644 or higher before uploading your edited configure.php file and when done set permissions back to 444 or 400

Just checked the source of one of your pages and all the links are showing http:// instead of https:// although the address bar displays https:// - naturally this gives you the error.

Cheers / Frank

[motherwestwind]

Everything seems to be fine on this end so I guess whatever I did worked. Thanks for your assistance.

[frank18]

Everything seems to be fine on this end so I guess whatever I did worked. Thanks for your assistance.

Good to hear that all is working for you now.

Were the permissions of the configure.php file set to 444 or 400 before you tried uploading the edited file?

[mc12345678]

Looks like several things going on, one of which I would guess is a htaccess redirect to a "secure connection." Agree with frank18 that all the links point to http; however, after clicking takes one to https without the www in the beginning. Didn't see any error messages, but I rarely do on my cell phone.

[motherwestwind]

Now my ADMIN page is all skewy. Geez I can't bloody win these days. First there is an earthquake and now this.

[dbltoe]

Several things that can be confusing here.

Links can be inserted as either absolute or relative. Absolute will have either http:// or https://. Relative may have ../something, ./something, or /something BUT NEVER src="//.

There are two bad things about absolute links with http://something:

1. The link actual forces the browser to go outside the site, get the file or image, and return to the site with the file. A TOTAL waste of time.
2. Any http://something link on an https:// page will throw an error because you are telling the secure site to use an unsecure item from OUTSIDE the site. Even if the absolute link is an image in your images folder, you are still trying to get it and bring it back in an insecure manner.

There's a pretty good explanation at http://tinyurl.com/yp55ma.

Being secure, (https://) is controlled first of all by the configure.php files. The catalog/shop is controlled in yourSite/includes/configure.php.

/*************** NOTE: This file is similar, but DIFFERENT from the "admin" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/

// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
define('HTTP_SERVER', 'http://yourSite.com'); This can have the www. or not. It SHOULD be the same as your SSL certificate without the https.
define('HTTPS_SERVER', 'https://yourSite.com'); This can have the www. or not. It SHOULD be the same as your SSL certificate WITH the https.

// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'true'); This is so that the checkout process is secure and only used if your have an SSL installed.

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_CATALOG', '/'); This is ONLY changed if your shop is in a subdirectory of your site.
define('DIR_WS_HTTPS_CATALOG', '/'); This is ONLY changed if your shop is in a subdirectory of your site.

This should secure the log in and checkout for users UNLESS you have an absolute link on any of those pages. Oddly enough, this often happens when someone adds a relative link for an SSL cert.

The yourAdmin/includes/configure.php controls (in the most part) the yourAdmin area EXCEPT:

// secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_CATALOG', 'false');

It shouldn't need to be messed with in your case.

Most hosts should already be pointing www and non-www to the same URI. The mistake some folks make is that they purchase an SSL elsewhere not knowing which way their own host points.

You need to get with your host and review the SSL. Then set the configure settings to reflect the final status.

One thing at a time:

1. Is my SSL www or not?
2. If not, does my host point www to non-www?
3. Make sure configure files reflect correctly whether www or non-www
4. Search the entire site for http://. Any of them WILL be a problem of some kind. Make them relative to at least speed up the site.

P.S. Any absolute link will probably be missing some link info. So, while you're making it relative, remember title, target, and (if an image) alt tags.

[mc12345678]

Agree use of src="// would not be relative, it would be absolute. The http: or https: associated to the served page would be prepended to the address that follows. Further the use of ny absolute path that points to the local server is a waste and will only cause trouble if the uri changes or the code is duplicated to another uri (effectively a uri change). And therefore should only be used for an external site, coming back to the two bad things listed above.

[dbltoe]

Agree use of src="// would not be relative, it would be absolute.

Whether a src for an image, a script, and iframe or simply a source -- a double slash following the src=" violates the whole src attribute syntax and will cause many hours of hair-pulling searches for the problem. The browser would assume it is relative but would be looking for yourSite.com//someFile. Can you say, "Fill the log file?"
The same applies to the new <source> tag in html5.

Thus, the NEVER.

[motherwestwind]

[
The yourAdmin/includes/configure.php controls (in the most part) the yourAdmin area EXCEPT:It shouldn't need to be messed with in your case.

Are you saying that the statement should be FALSE and not TRUE?