Changing secure subdomain

[Kromak]

Hi all,

I'm currently running the store from 2 folders.

/webshop (unsecured)
/secure (secured)

The secure folder is SSL protected from a secure subdomain. I'm not sure how my host had the site configured before because I only had to change the files in the webshop for it to affect both domains.

I've tried redirecting my subdomain to /webshop but I get a login loop on the admin screen. Is this just a problem with the configure.php files?

Many thanks in advance

[schoolboy]

What is your reason for running this as secure and unsecure? There are no advantages to making a zencart site "fully secure".

[Kromak]

I think you misunderstand -

When someone logs in to either the user area or admin area the site switches to SSL which is running on a subdomain

[schoolboy]

But WHY are you doing it this way?

Zencart is "intuitive" and will invoke SSL when it is needed.

Now you may have some odd setup on your server (I don't know), but on the servers we use, we simply install a SSL certificate, then in the two configure.php files, we adjust the settings to get ZC to operate under SSL.

I cannot see why you are needing sub-domains and sub-directories just to invoke SSL (unless of course your server is itself mal-configured, or is using ancient methodology).

[Kromak]

Its because this was originally set up many moons ago ;) My SSL cert is linked to this subdomain

[DrByte]

I've tried redirecting my subdomain to /webshop but I get a login loop on the admin screen. Is this just a problem with the configure.php files?

No, that's because the session cookie domain doesn't match the domain that you're visiting from. Thus it can't connect the dots to validate you.

For your admin, you could maybe just move your entire admin folder under the /secure/ folder, since you never need to access it unsecure.

For your storefront, you've got a complicated problem there, which would be best solved by deleting the /secure/ folder and creating a symlink in its place to point to your /webshop/ folder ... so that any requests for the /secure/ folder actually redirect to /webshop/ directly (in the server's own internal filesystem, not with apache redirects which cause security problems).

[Kromak]

Thanks for that. The site works as it is for now. Its just a bit of a pain copying files between the 2 folders. Would it be better for me to get my SSL cert changed to just the root domain?

[DrByte]

Would it be better for me to get my SSL cert changed to just the root domain?

I'd definitely be inclined to make the change. If you can't alter the existing certificate for free, then at least make the change when you next renew it.

[Kromak]

I've decided to live with it as it currently is. I don't mind editing both folders when needed. However I am getting a curious problem with my image uploads. Because my admin is on the /secure folder, images get uploaded there and do not show up on the unprotected site.

Can this be fixed with the configure files? Currently they are set -

/webshop/admin/includes/configure.php
-------------------------------------

Code:

define('HTTP_SERVER', 'http://mywebsite.com');
  define('HTTPS_SERVER', 'https://secure.mywebsite.com');
  define('HTTP_CATALOG_SERVER', 'http://mywebsite.com');
  define('HTTPS_CATALOG_SERVER', 'https://secure.mywebsite.com');

  // Use secure webserver for catalog module and/or admin areas?
  define('ENABLE_SSL_CATALOG', 'true');
  define('ENABLE_SSL_ADMIN', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
  // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
  define('DIR_WS_ADMIN', '/webshop/admin/');
  define('DIR_WS_CATALOG', '/webshop/');
  define('DIR_WS_HTTPS_ADMIN', '/admin/');
  define('DIR_WS_HTTPS_CATALOG', '/');

  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_CATALOG_IMAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'images/');
  define('DIR_WS_CATALOG_TEMPLATE', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/templates/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
  define('DIR_WS_CATALOG_LANGUAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/languages/');

---------------------------------------------------------

/secure/admin/includes/configure.php
--------------------------------------------------------

Code:

define('HTTP_SERVER', 'https://secure.mywebsite.com');
  define('HTTPS_SERVER', 'https://secure.mywebsite.com');
  define('HTTP_CATALOG_SERVER', 'http://www.mywebsite.com');
  define('HTTPS_CATALOG_SERVER', 'https://secure.mywebsite.com');

  // Use secure webserver for catalog module and/or admin areas?
  define('ENABLE_SSL_CATALOG', 'true');
  define('ENABLE_SSL_ADMIN', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
  // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
  define('DIR_WS_ADMIN', '/admin/');
  define('DIR_WS_CATALOG', '/');
  define('DIR_WS_HTTPS_ADMIN', '/admin/');
  define('DIR_WS_HTTPS_CATALOG', '/');

  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_CATALOG_IMAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'images/');
  define('DIR_WS_CATALOG_TEMPLATE', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/templates/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
  define('DIR_WS_CATALOG_LANGUAGES', HTTP_CATALOG_SERVER . DIR_WS_CATALOG . 'includes/languages/');

-----------------------------------------------------

Any help is appreciated.

Thanks

[DrByte]

I've decided to live with it as it currently is. I don't mind editing both folders when needed. However I am getting a curious problem with my image uploads. Because my admin is on the /secure folder, images get uploaded there and do not show up on the unprotected site.

That's the downside of having two disconnected folders for SSL and NONSSL: you need to manually sync both sets of files, usually by uploading any changes/additions to both locations via FTP.

Can this be fixed with the configure files?

You might mitigate some of it by making sure DIR_FS_CATALOG in your admin configure.php matches (ie: copy it from) DIR_FS_CATALOG in your non-admin configure.php.

If you were to set up the symlink thing I mentioned earlier, you wouldn't have this problem.