I have a site on Dreamhost where we have a GoDaddy SSL cert in place and working. On a fresh install of 1.3.6, with install configured to use https for admin, the login screen and initial admin menu resolves with https.
HOWEVER, if you click the "Admin Home" link in the main admin screen's tool menu, it reverts back to http.
I'm thinking it must be something hard-coded somewhere since I made sure manually that the variables are correct in the admin/includes/configure.php.
Anybody know what/where to tweak so that once in admin with https it stays in an SSL session?
TIA.
Dave Nuttall
San Antonio, Texas.
Results 1 to 6 of 6
-
18 Dec 2006, 10:57 PM #1
New Zenner
- Join Date
- Nov 2006
- Posts
- 12
- Plugin Contributions
- 0
Admin login with https but refreshes http?
-
18 Dec 2006, 11:00 PM #2
Totally Zenned
- Join Date
- Mar 2004
- Posts
- 16,019
- Plugin Contributions
- 5
Re: Admin login with https but refreshes http?
ONLY the login is secure in admin,
so this is normal.
-
19 Dec 2006, 01:31 AM #3
New Zenner
- Join Date
- Nov 2006
- Posts
- 12
- Plugin Contributions
- 0
Re: Admin login with https but refreshes http?
Seems counter intuitive, but maybe its just my senior citizen logic!
Originally Posted by Merlinpa1969
-
19 Dec 2006, 02:07 AM #4
Totally Zenned
- Join Date
- Mar 2004
- Posts
- 16,019
- Plugin Contributions
- 5
Re: Admin login with https but refreshes http?
You can thank the legacy code for that
-
10 Feb 2007, 08:33 PM #5
New Zenner
- Join Date
- Dec 2006
- Posts
- 6
- Plugin Contributions
- 0
Re: Admin login with https but refreshes http?
that can't be??? SSL for the login then reverting back to non-encrypted for the rest of the admin area. This particularly poses a problem for the backing-up of the Zen Cart Database as we are required to do this encrypted as it will contain customer credit card details!!!
What a joke! I apreciate this product is free, but I'm struggling to believe that such a mature application hasn't addressed this potential security hole.
Can someone confirm that the admin area does not have encryption/https apart from the login?
-
10 Feb 2007, 08:46 PM #6
Totally Zenned
- Join Date
- Mar 2004
- Posts
- 16,019
- Plugin Contributions
- 5
Re: Admin login with https but refreshes http?
leeasteadman,
I thought I already did that,
ONLY the login in admin is https,
and you are NOT supposed to store cc numbers in the DB,
last I checked ZC Dosnt do this, it stores the first 4 and last 4 the rest get emailed to you,
it has been stated that when the admin is rewritten 1.5 or 1.6 (I dont remember off the top of my head), that this will be addressed,
however remember this projust started off as OSC and they dont even have a login for the admin,
you can always just use the https:// in your admin configure.php file,
there is a way to do this, but for the most part is NOT really needed.
Similar Threads
-
Problem accessing Admin Login after sucessful install
By integritye in forum Installing on a Linux/Unix ServerReplies: 16Last Post: 2 Jun 2011, 06:53 AM -
Can't login to admin
By scot_giant in forum General QuestionsReplies: 164Last Post: 2 Sep 2010, 09:00 AM -
Can't login - Admin or Customers
By madk in forum General QuestionsReplies: 9Last Post: 19 Dec 2006, 04:20 AM -
Admin login exceedingly slow
By wolf99 in forum Customization from the AdminReplies: 5Last Post: 9 Oct 2006, 09:05 AM
Bookmarks