HTTPS and security warnings

[MaDd0g]

When a user signs into the store it switches to HTTPS and then does not switch back to HTTP. This causes a security error to pop up since some of my sideboxes have external content.

Is there any way to enable HTTPS for log in and checkout only and automatically redirect to HTTP after performing those actions?

Also alternatively telling those sideboxes to disable if in HTTPS mode just in case the customer doesn't get redirected back to HTTP.

[kobra]

Can't see your issue as no site provided...

Auto switching is the default action ...

[MaDd0g]

Thanks for the reply. So what you are saying is that what I am asking for it should already be doing? Hrmmmm...

Here is my site

[MaDd0g]

Saw 3 referrals to my site from here. Thanks to those for looking!

[DrByte]

Also alternatively telling those sideboxes to disable if in HTTPS mode just in case the customer doesn't get redirected back to HTTP.

With respect, that should not be your "alternative" action. It should be your *primary* action.
You'll have to edit your sideboxes to display content correctly based on whether the page is in SSL mode or not.
The variable $request_type will be 'SSL' or 'NONSSL', respectively, and you can use that to take action accordingly.

[kobra]

So what you are saying is that what I am asking for it should already be doing?

Yes that is correct - - The default code allows for auto switching

A couple of things
While selecting login switches to https - - there is NO LOCK presented

This probably means that the certificate is not properly installed....

Try switching to the classic template to see if that changes anything and to rule out a template issue

[MaDd0g]

Thanks. This is my first Zen Cart so this info is much needed. I will work on the code for disabling the sideboxes in question when in https mode.

You say that the default code "allows" for auto switching. Should I have to do anything to tell it to switch back to http after logon or checkout? Or any other page that may be https?
Posted via Mobile Device

[kobra]

Should I have to do anything to tell it to switch back to http after logon or checkout?

No nothing should be required if the code has not been altered
Again try switching to the classic template
Also clear up why you are not seeing a "LOCK" once in https mode

The only setting if your server settings are correct is the following

Code:

  // Use secure webserver for checkout procedure?
  define('ENABLE_SSL', 'true');

[g1smd]

Should I have to do anything to tell it to switch back to http after logon or checkout?

That's automatic too.

[MaDd0g]

Well... Thanks to your help I was able to get all of the security warnings to go away while in HTTPS!

The only outstanding issue is that when I log in as a registered user it does not automatically switch back to HTTP. I have tried the classic template and it acts the same way

Any more ideas???