"Your Shopping Cart is Empty" after SSL certificate installation
Hi Zen Cart community,
I have encountered this operational problem after the installation of a dedicated SSL certificate with webhostingpad.com. The shopping cart doesn't work properly, in fact when a user click on add item, is redirected to okidoqui.com/shopping_cart that displays "Your Shopping Cart is Empty".
Some details about my system:
- Web Site: www.okidoqui.com
- Server OS: Linux 2.6.18-338.19.1.el5.lve0.8.36
- PHP Version: 5.2.17
- Zen Cart 1.3.8a
- Database Patch Level: 1.3.8
I already studied previous threads such as:
and the tutorial:
I guess that the problem occurs because of the .htaccess file, but I am not sure. Here attached the .htaccess file:
Code:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.okidoqui.com/$1 [R,L]
RewriteEngine On
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
#### BOF SSU
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteBase /
# Deny access from .htaccess
RewriteRule ^\.htaccess$ - [F]
RewriteCond %{SCRIPT_FILENAME} -f [OR]
RewriteCond %{SCRIPT_FILENAME} -d
RewriteRule .* - [L]
RewriteRule ^(.+) index.php?/$1 [E=VAR1:$1,QSA,L]
#### EOF SSU
AuthName okidoqui.com
AuthUserFile /home2/okidoqui/public_html/_vti_pvt/service.pwd
AuthGroupFile /home2/okidoqui/public_html/_vti_pvt/service.grp
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^megatradecenter\.com$ "http\:\/\/www\.okidoqui\.com" [R=301,L]
RewriteCond %{HTTP_HOST} ^megatradecenter.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.megatradecenter.com$
RewriteRule ^/?$ "http\:\/\/www\.okidoqui\.com" [R=301,L]
RewriteCond %{HTTP_HOST} ^okidoqui\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.okidoqui\.com$
RewriteRule ^/?$ "https\:\/\/www\.okidoqui\.com\/" [R=301,L]
# From Ultimate SEO URLs
RewriteRule ^(.*)-p-(.*).html$ index\.php?main_page=product_info&products_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-(.*).html$ index\.php?main_page=index&cPath=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-m-([0-9]+).html$ index\.php?main_page=index&manufacturers_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-pi-([0-9]+).html$ index\.php?main_page=popup_image&pID=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-pr-([0-9]+).html$ index\.php?main_page=product_reviews&products_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-pri-([0-9]+).html$ index\.php?main_page=product_reviews_info&products_id=$2&%{QUERY_STRING} [L]
RewriteRule ^(.*)-ezp-([0-9]+).html$ index\.php?main_page=page&id=$2&%{QUERY_STRING} [L]
# For Open Operations Info Manager
RewriteRule ^(.*)-i-([0-9]+).html$ index\.php?main_page=info_manager&pages_id=$2&%{QUERY_STRING} [L]
# For dreamscape's News & Articles Manager
RewriteRule ^news/?$ index\.php?main_page=news&%{QUERY_STRING} [L]
RewriteRule ^news/rss.xml$ index\.php?main_page=news_rss&%{QUERY_STRING} [L]
RewriteRule ^news/archive/?$ index\.php?main_page=news_archive&%{QUERY_STRING} [L]
RewriteRule ^news/([0-9]{4})-([0-9]{2})-([0-9]{2}).html$ index\.php?main_page=news&date=$1-$2-$3&%{QUERY_STRING} [L]
RewriteRule ^news/archive/([0-9]{4})-([0-9]{2}).html$ index\.php?main_page=news_archive&date=$1-$2&%{QUERY_STRING} [L]
RewriteRule ^news/(.*)-a-([0-9]+)-comments.html$ index\.php?main_page=news_comments&article_id=$2&%{QUERY_STRING} [L]
RewriteRule ^news/(.*)-a-([0-9]+).html$ index\.php?main_page=news_article&article_id=$2&%{QUERY_STRING} [L]
# All other pages
# Don't rewrite real files or directories
RewriteCond %{REQUEST_FILENAME} !-f [NC]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*).html$ index\.php?main_page=$1&%{QUERY_STRING} [L]
If I take out the first three lines, which activate the redirection to https, the shopping cart works wonderfully. I need the SSL connection and I need your help.
You will also find the public_html/includes/configure.php file as follow:
Code:
<?php
/**
* @package Configuration Settings circa 1.3.8
* @copyright Copyright 2003-2007 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
*/
//additional keywords for products//
$oquikeywords = ',deals, cheap price';
//end additional keywords
/*************** NOTE: This file is similar, but DIFFERENT from the "admin" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/
include_once('includes/config_sites/sites_switch.php');
// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
define('HTTP_SERVER', 'https://www.okidoqui.com');
define('HTTPS_SERVER', 'https://www.okidoqui.com');
// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'true');
// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');
define('DIR_WS_TEMPLATES', DIR_WS_INCLUDES . 'templates/');
define('DIR_WS_PHPBB', '/');
// * DIR_FS_* = Filesystem directories (local/physical)
//the following path is a COMPLETE path to your Zen Cart files. eg: /var/www/vhost/accountname/public_html/store/
define('DIR_FS_CATALOG', '/home/okidoqui/public_html/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
define('DIR_WS_UPLOADS', DIR_WS_IMAGES . 'uploads/');
define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);
define('DIR_FS_EMAIL_TEMPLATES', DIR_FS_CATALOG . 'email/');
// define our database connection
define('DB_TYPE', 'mysql');
define('DB_PREFIX', '');
define('DB_SERVER', 'localhost');
define('DB_SERVER_USERNAME', '***************');
define('DB_SERVER_PASSWORD', '***************');
define('DB_DATABASE', '**************');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', 'db');
// for STORE_SESSIONS, use 'db' for best support, or '' for file-based storage
// The next 2 "defines" are for SQL cache support.
// For SQL_CACHE_METHOD, you can select from: none, database, or file
// If you choose "file", then you need to set the DIR_FS_SQL_CACHE to a directory where your apache
// or webserver user has write privileges (chmod 666 or 777). We recommend using the "cache" folder inside the Zen Cart folder
// ie: /path/to/your/webspace/public_html/zen/cache -- leave no trailing slash
define('SQL_CACHE_METHOD', 'none');
define('DIR_FS_SQL_CACHE', '/home/okidoqui/public_html/cache/');
// EOF
I checked out with the hosting provider, which says that the SSL installation works fine and after looking at the SSL tutorial for Zen Cart, they say that are complying with it.
Hoping that someone can help me out. Thanks.
All best :-)
Re: "Your Shopping Cart is Empty" after SSL certificate installation
Quote:
If I take out the first three lines, which activate the redirection to https, the shopping cart works wonderfully.
Those lines are unnecessary for SSL to work properly - unless your host has a really screwy server setup.
Re: "Your Shopping Cart is Empty" after SSL certificate installation
Also:
Quote:
define('HTTP_SERVER', 'https://www.okidoqui.com');
define('HTTPS_SERVER', 'https://www.okidoqui.com');
It isn't necessary to define HTTP_SERVER as SSL. In fact, it's generally a bad idea.
Re: "Your Shopping Cart is Empty" after SSL certificate installation
Please upgrade your cart! V1.3.8 is subject to serious security vulnerabilities and hacking.
Re: "Your Shopping Cart is Empty" after SSL certificate installation
1) Why are running the entire store undr SSL? normally if you set it up correctly, zencart automatically switches to SSL where sensitive data is transmitted
2) You have insecure assets being used,which will cause security warnings to your customers
as in one of your banners you an insecure link to an offsite asset namely an image
img src="http://www.linkreferral.com/images/linkreferal/linkbutton.gif"
I get this warning when i click the add to cart button
Quote:
Information from this secure page will be submitted to a page that is not secure on okidoqui.com.
Submitting sensitive information is strongly discouraged.
3) What happens if you do the following
i) get rid of that redirect it is unnecessary, that stuff should all be set in zencarts configure files
ii) then edit the configure file
Quote:
// Define the webserver and path parameters
define('HTTP_SERVER', 'http://www.YOUR_SHOP.com');
define('HTTPS_SERVER', 'https://www.YOUR_SHOP.com');
define('ENABLE_SSL', 'true');
If that works correctly, which it should
And you insist on having your entire store in SSL
then try changing the http server in the config file
so it is like the below
Quote:
// Define the webserver and path parameters
define('HTTP_SERVER', 'https://www.YOUR_SHOP.com');
define('HTTPS_SERVER', 'https://www.YOUR_SHOP.com');
define('ENABLE_SSL', 'true');
Re: "Your Shopping Cart is Empty" after SSL certificate installation
Quote:
Originally Posted by
RescoCCC
Those lines are unnecessary for SSL to work properly - unless your host has a really screwy server setup.
Thanks for the suggestion, I agree and I removed the three lines.
Re: "Your Shopping Cart is Empty" after SSL certificate installation
Quote:
Originally Posted by
RescoCCC
Also:
It isn't necessary to define HTTP_SERVER as SSL. In fact, it's generally a bad idea.
Thanks, I also agree on this. It is not necessary to secure the whole Web site. But, after applying the configure.php modification and removing the three lines from .htacces, I have the same problem still.
Could it be a problem with the sessions? I don't see any issue with that, but it is the only thing that I can think of. Any suggestions?
Thanks for the quick responses.
Re: "Your Shopping Cart is Empty" after SSL certificate installation
Quote:
Originally Posted by
nigelt74
2) You have insecure assets being used,which will cause security warnings to your customers
as in one of your banners you an insecure link to an offsite asset namely an image
img src="http://www.linkreferral.com/images/linkreferal/linkbutton.gif"
Thanks, this change was important too.
In conclusion, thanks all of you! The three changes where all necessary for the shopping cart to work. LOVING ZENCART COMMUNITY!
:clap:
You are the best!
All best,