Just turned on ssl and now I can't add anything to the cart.

**greg5sb** · 12 Jul 2018, 06:08 PM

When I click add to cart it just returns with a page "Your shopping cart is empty". It worked fine before changing ssl. Any thoughts?

**lat9** · 12 Jul 2018, 07:05 PM

When you "turned on SSL", what changes did you make to your store's /includes/configure.php and /admin/includes/configure.php?

**greg5sb** · 12 Jul 2018, 07:21 PM

Originally Posted by lat9

When you "turned on SSL", what changes did you make to your store's /includes/configure.php and /admin/includes/configure.php?

Thanks for the reply. Initially, I set just the "HTTPS_SERVER" and the "ENABLE_SSL", but I just changed the normal "HTTP_SERVER" to the https version of the site and that seems to have fixed it. Is there something wrong with the setup that I have to do it this way? I know I want the site only in https, but for testing purposes I didn't enable both. Is there anything else I should be looking out for?

**lat9** · 12 Jul 2018, 07:39 PM

Nope, what you corrected to is the "suggested" method:

HTTP_SERVER ... https://www.example.com
HTTPS_SERVER ... https://www.example.com
USE_SSL ..... 'true'

**carlwhat** · 12 Jul 2018, 08:11 PM

Originally Posted by greg5sb

Thanks for the reply. Initially, I set just the "HTTPS_SERVER" and the "ENABLE_SSL", but I just changed the normal "HTTP_SERVER" to the https version of the site and that seems to have fixed it. Is there something wrong with the setup that I have to do it this way? I know I want the site only in https, but for testing purposes I didn't enable both. Is there anything else I should be looking out for?

your initial setup should have worked. the reason why it did not work, is probably due to a hard coded link. for years, there were plenty of ZC installs operating the way that you had it set up. in my experience, when a ZC exhibits the behavior that you saw, it means after you add something to the cart, ZC redirects you to:

https://YOUR_SITE/index.php?main_page=shopping_cart

when it should be redirecting you to:

http://YOUR_SITE/index.php?main_page=shopping_cart

or vice-versa. adding something to the cart from a non-ssl page needs to go to a non-ssl shopping cart page, and adding something from a SSL page needs to go to a SSL shopping cart page. it's only after a customer logs in that i believe those 2 carts get combined.

in any event, i'm taking guesses based on past experience....

Originally Posted by lat9

Nope, what you corrected to is the "suggested" method:

HTTP_SERVER ... https://www.example.com
HTTPS_SERVER ... https://www.example.com
USE_SSL ..... 'true'

to be clear, this is the suggested method for enabling SSL for ALL pages. for years, ZC worked fine the other way and i see no reason why it should not today....

best.

**dbltoe** · 12 Jul 2018, 08:28 PM

For eight months now, Chrome has been telling folks that any zen cart page not presented in https:// is insecure regardless of the validity of the site's SSL.

Starting this month Chrome will declare ANY site as insecure that does not present content as https://.

Firefox started this in motion in 2015 and actually notifies folks as of January last year.

Unless you can re-educate the customer base, they are going to be scared off by such a claim. I'm sure the others will follow suit soon.