Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Join Date
    Nov 2008
    Posts
    192
    Plugin Contributions
    0

    Default secure main page after logging in

    Hi,

    On my site, after a customer logs in, they are taken to the main page with SSL still enabled.

    If they then immediately search, they get a warning that unencrypted info will be sent. (Clicking any other link gives the user a regular non-ssl page, which is fine.)

    I'd like to eliminate the unencrypted error notice by having the customer go to a non-ssl main page after they log in.

    Since my site is somewhat customized, I don't know if the customer lands on an ssl-enabled page after login by design or if that's a quirk in my system.

    In any case, I want the main page to be non-ssl after login.

    How can I change the post-login main page to be non-ssl?

    I running 1.39d

    Many thanks,

    Ed

  2. #2
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,705
    Plugin Contributions
    12

    Default Re: secure main page after logging in

    In your "admin" includes/configure.php, are all your http# defines listed as https or are they different for each?

    define('HTTP_SERVER', 'http://www.something.com');
    define('HTTPS_SERVER', 'https://www.something.com');
    define('HTTP_CATALOG_SERVER', 'http://www.something.com');
    define('HTTPS_CATALOG_SERVER', 'https://www.something.com');
    A little help with colors.
    myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
    Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.

  3. #3
    Join Date
    Nov 2008
    Posts
    192
    Plugin Contributions
    0

    Default Re: secure main page after logging in

    I have all of them set to https in admin.

    Ed

  4. #4
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,705
    Plugin Contributions
    12

    Default Re: secure main page after logging in

    They need to be as in my post. Http for http and https for https
    A little help with colors.
    myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
    Free SSL & Domain with semi-annual and longer hosting. Updating 1.5.2 and Up.

  5. #5
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: secure main page after logging in

    Quote Originally Posted by dbltoe View Post
    In your "admin" includes/configure.php, are all your http# defines listed as https or are they different for each?

    define('HTTP_SERVER', 'http://www.something.com');
    define('HTTPS_SERVER', 'https://www.something.com');
    define('HTTP_CATALOG_SERVER', 'http://www.something.com');
    define('HTTPS_CATALOG_SERVER', 'https://www.something.com');
    Quote Originally Posted by edadk View Post
    I have all of them set to https in admin.

    Ed
    Quote Originally Posted by dbltoe View Post
    They need to be as in my post. Http for http and https for https
    dbltoe,
    The OP is talking about a store-side preference, not an admin issue.z
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  6. #6
    Join Date
    Nov 2008
    Posts
    192
    Plugin Contributions
    0

    Default Re: secure main page after logging in

    Quote Originally Posted by dbltoe View Post
    They need to be as in my post. Http for http and https for https
    Thanks for the suggestion but that does not have any effect for me other than taking away ssl on most of the admin side.

    This issue also occurs when a user logs out, the next page they are shown is secure, so if the user then performs a search on that page, they get the same warning about info being sent insecurely.

    Again, immediately after login or logout, the user is dropped onto a secure page. If the user then attempts to do a search from the secure page, they receive a popup warning about info being sent insecurely.

    Ed

  7. #7
    Join Date
    Jun 2003
    Posts
    33,721
    Plugin Contributions
    0

    Default Re: secure main page after logging in

    Are you actually getting complaints from your customers about this problem?

    Unfortunately, there is not a way to totally cure the problem except to run the whole store under SSL or don't run SSL at all, neither of those choices is acceptable.

    If you don't make the page after an SSL page appear to be SSL you get other security warnings. So we have minimized the circumstances to limit the possible problems.
    Please do not PM for support issues: a private solution doesn't benefit the community.

    Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.

  8. #8
    Join Date
    Nov 2008
    Posts
    192
    Plugin Contributions
    0

    Default Re: secure main page after logging in

    Quote Originally Posted by Kim View Post
    Are you actually getting complaints from your customers about this problem?

    Unfortunately, there is not a way to totally cure the problem except to run the whole store under SSL or don't run SSL at all, neither of those choices is acceptable.

    If you don't make the page after an SSL page appear to be SSL you get other security warnings. So we have minimized the circumstances to limit the possible problems.
    Thank you for your reply.

    Perhaps I'm looking at this with blinders on.

    Would it be possible to modify the search box so that it will take into account whether or not the search is being performed from a secure page?

    Many thanks,

    Ed

  9. #9
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: secure main page after logging in

    What is your site URL?
    What template are you using?

    I'm not seeing the behavior you describe, when using a fresh install of v1.3.9d
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  10. #10
    Join Date
    Nov 2008
    Posts
    192
    Plugin Contributions
    0

    Default Re: secure main page after logging in

    Quote Originally Posted by DrByte View Post
    What is your site URL?
    What template are you using?

    I'm not seeing the behavior you describe, when using a fresh install of v1.3.9d
    I'm using my own custom template.

    I'll pm you a link, I do not want to post it in the forum.

    thanks,

    Ed

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. v151 Logging in twice - only after logging out
    By SarahL in forum Bug Reports
    Replies: 4
    Last Post: 1 Nov 2013, 07:53 PM
  2. Blank Page After Logging In
    By mexman_uk in forum General Questions
    Replies: 5
    Last Post: 29 Oct 2010, 02:32 PM
  3. Main page doesn't load after logging in (catalog side)
    By rvagrrl in forum General Questions
    Replies: 6
    Last Post: 19 Aug 2006, 01:47 AM
  4. Blank Admin Page after logging in!
    By Peace Freak in forum Basic Configuration
    Replies: 2
    Last Post: 5 Aug 2006, 10:11 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg