Results 1 to 7 of 7

Hybrid View

  1. #1
    Join Date
    Jun 2007
    Posts
    9
    Plugin Contributions
    0

    Default ssl session handling

    I have recently installed Zen Cart version 1.3.7 and I am trying to get ssl working on my development server. I have a self-signed certificate and set up Apache to serve up ssl pages from another directory. I copied the cart over to the ssl directory and I can get to https pages, but...

    Admin
    I can log into the admin side and get to the main page, but if I try to go anywhere else I get redirected back to login.

    Catalog
    I can log in and cruise around any page, but when I try to checkout I get redirected to a Login Time Out page.

    I have SSL set to true on all four configure.php files and http/https servers defined as http://localhost and https://localhost respectively.

    I checked all over the forums and found similar problems, but nothing exactly as what is happening to me. Anyone have any suggestions or links that might help?

    Thank you for your time and energy,
    Tim

  2. #2
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,755
    Plugin Contributions
    9

    Default Re: ssl session handling

    You actually should not need to replicate the files in another directory....

    Just the config settings.....and ZC smartly switches to SSL for login and checkout or when sensitive info is to be entered and only for this type of entry.
    Zen-Venom Get Bitten

  3. #3
    Join Date
    Jun 2007
    Posts
    9
    Plugin Contributions
    0

    Default Re: ssl session handling

    Well when I was setting up SSL, the documentation recommended putting the following into vhost-ssl.conf, so apache will know where the ssl pages are located.

    <Directory "/srv/ssldirectoryhtdocs">
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>


    Is this needed or should it be set up differently? Are you saying that the config files will do the work from the http side or should I still have the directory and place only the config files there?

    Thanks
    Tim

  4. #4
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,755
    Plugin Contributions
    9

    Default Re: ssl session handling

    Is this needed or should it be set up differently? Are you saying that the config files will do the work from the http side or should I still have the directory and place only the config files there?
    One set of files at /home or /public_html or /www - what ever your account root is. With no SSL specific dir's.

    Now this is a Linux "Server" for development correct?
    Or is this a wamp - xamp or some win platform?
    Zen-Venom Get Bitten

  5. #5
    Join Date
    Jun 2007
    Posts
    9
    Plugin Contributions
    0

    Default Re: ssl session handling

    Yes, It's a openSUSE 10.2 box. I only use Windows for entertainment

    I removed the extra directory and changed the file name of vhostssl.conf to something else to see if it mattered. It didn't, but thanks for making any future upgrades half as difficult for me.

    Still having the same problem though I keep getting thrown back onto login from the main configuration page (admin) when I use any link. This is perplexing. I mean if ssl didn't work at all I would think it was my setup, which it still could be, but this seems like a session problem where it loses me for a moment and has to re-authenticate me. Now I know it's not because it's trying to move between directories and losing a session variable (that makes the title of this thread a bit misleading). Everything works fine when I have ssl turned off in config.

    Is there anything in php.ini or the apache configuration that could be wrong that would generate this problem? That question is beyond the scope of this forum, but if you think of anything let me know.

    BTW I haven't made any changes to the stock code yet. I want to get this problem solved before I go on. I'm an osCommerce convert wannabe.

    Thanks,
    Tim

  6. #6
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,755
    Plugin Contributions
    9

    Default Re: ssl session handling

    Is there anything in php.ini or the apache configuration that could be wrong that would generate this problem? That question is beyond the scope of this forum, but if you think of anything let me know.
    Between all the LAMP parts we have (I have not actually counted) 'bout 500-1000 settings.

    I guess I would start with your php settings and activated mods for it - are you also running ZEND2. and in php a compliment of various mods - SUSE has some other settings that I never bothered to remember as we do not run it.

    You might just start with the ZC > admin > config > sessions > settings

    For this specific issue there are many other threads about it
    Zen-Venom Get Bitten

 

 

Similar Threads

  1. sessionWatcher (better handling of session timeouts)
    By s_mack in forum All Other Contributions/Addons
    Replies: 49
    Last Post: 4 Sep 2010, 03:49 AM
  2. Recreate Session & Shared SSL.
    By gaffettape in forum Upgrading from 1.3.x to 1.3.9
    Replies: 8
    Last Post: 6 May 2010, 03:13 PM
  3. Session expired on SSL pages
    By milkyway in forum General Questions
    Replies: 3
    Last Post: 16 Jun 2009, 05:14 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg