Shared SSL + login problem

[runningrhino]

I have the same issue.

[jinglezdj]

I have a slightly different issue, in my config file at the moment SSL is turned off. However if I turn SSL on when a customer tries to login the system creates a link like this:

HTTPS://www.mydomainname.co.uk/HTTPS...mainname.co.uk

I use 1and1 for my hosting and use a shared certificate which when installed zencart I entered the correct details which are:

define('DIR_WS_HTTPS_CATALOG', 'https://sslrelay.com/mydomainname.co.uk/shop/');

I don't understand why the system is trying to put the standard HTTP domainname first.

Top of my config file is below:


/*************** NOTE: This file is similar, but DIFFERENT from the "admin" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/

// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
define('HTTP_SERVER', 'http://www.mydomainname.co.uk');
define('HTTPS_SERVER', 'https://www.mydomainname.co.uk');

// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'false');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_CATALOG', '/shop/');
define('DIR_WS_HTTPS_CATALOG', 'https://sslrelay.com/mydomainname.co.uk/shop/');

[drone115b]

To jinglezdj:

I don't think you are intended to use DIR_WS_HTTPS_CATALOG in that way. I think that var should only be a relative path, not the full http(s) path. The full path HTTPS_SERVER is concatenated with the relative path DIR_WS_HTTPS_CATALOG to produce the result you are seeing.

In my config you can see a "correct" relative path for DIR_WS_HTTPS_CATALOG. I say it is correct because I did not futz with it - not because I have a website that works. :-I

[drone115b]

Hi All.

Bouncing around the forums for 2 days, I was able to find this:
http://www.zen-cart.com/forum/showthread.php?t=15081
from many moons ago.

This seems to imply that $request_type variable may be involved in the cross wires, causing the login woes I described - shared SSL with hostmonster is not allowing admin or customers to login correctly.

In files:
includes/init_includes/init_file_db_names.php
admin/include/init_includes/init_file_db_names.php

on line 18, $request_type gets set with a long hairy expression.

I tried the simple fix of putting this kind of logic:
if server == mydomain request_type = NONSSL
if server == hostmonster request_type = SSL
under the existing line 18 (and I turned on SSL in admin/include/configure.php and include/configure.php) and I did not immediately meet with success.

But to one of the Zen-cart developers:
Can you at least tell me whether this is a plausible path to pursue? Should I go through the effort of decoding all the logic on line 18 and compounding it with (server== mine | shared) logic so that my admin and customers can log in using shared SSL?

Thanks

[drone115b]

[Got no help, upgraded all to private SSL]