Results 1 to 6 of 6
  1. #1
    Join Date
    Nov 2006
    Posts
    12
    Plugin Contributions
    0

    Default Admin login with https but refreshes http?

    I have a site on Dreamhost where we have a GoDaddy SSL cert in place and working. On a fresh install of 1.3.6, with install configured to use https for admin, the login screen and initial admin menu resolves with https.

    HOWEVER, if you click the "Admin Home" link in the main admin screen's tool menu, it reverts back to http.

    I'm thinking it must be something hard-coded somewhere since I made sure manually that the variables are correct in the admin/includes/configure.php.

    Anybody know what/where to tweak so that once in admin with https it stays in an SSL session?

    TIA.

    Dave Nuttall
    San Antonio, Texas.

  2. #2
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Default Re: Admin login with https but refreshes http?

    ONLY the login is secure in admin,
    so this is normal.
    Zen cart PCI compliant Hosting

  3. #3
    Join Date
    Nov 2006
    Posts
    12
    Plugin Contributions
    0

    Default Re: Admin login with https but refreshes http?

    Quote Originally Posted by Merlinpa1969 View Post
    ONLY the login is secure in admin,
    so this is normal.
    Seems counter intuitive, but maybe its just my senior citizen logic!

  4. #4
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Default Re: Admin login with https but refreshes http?

    You can thank the legacy code for that
    Zen cart PCI compliant Hosting

  5. #5
    Join Date
    Dec 2006
    Posts
    6
    Plugin Contributions
    0

    Default Re: Admin login with https but refreshes http?

    that can't be??? SSL for the login then reverting back to non-encrypted for the rest of the admin area. This particularly poses a problem for the backing-up of the Zen Cart Database as we are required to do this encrypted as it will contain customer credit card details!!!

    What a joke! I apreciate this product is free, but I'm struggling to believe that such a mature application hasn't addressed this potential security hole.

    Can someone confirm that the admin area does not have encryption/https apart from the login?

  6. #6
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Default Re: Admin login with https but refreshes http?

    leeasteadman,

    I thought I already did that,

    ONLY the login in admin is https,

    and you are NOT supposed to store cc numbers in the DB,
    last I checked ZC Dosnt do this, it stores the first 4 and last 4 the rest get emailed to you,

    it has been stated that when the admin is rewritten 1.5 or 1.6 (I dont remember off the top of my head), that this will be addressed,

    however remember this projust started off as OSC and they dont even have a login for the admin,


    you can always just use the https:// in your admin configure.php file,

    there is a way to do this, but for the most part is NOT really needed.
    Zen cart PCI compliant Hosting

 

 

Similar Threads

  1. v151 Cant login to admin just it refreshes
    By jimmie in forum General Questions
    Replies: 42
    Last Post: 20 Nov 2013, 02:45 AM
  2. SSL is on, but http:// login page does not redirect to https://
    By jackie.taferner in forum Basic Configuration
    Replies: 17
    Last Post: 16 Jun 2011, 04:53 PM
  3. Can't login to admin -- screen just refreshes
    By hepkat12 in forum General Questions
    Replies: 12
    Last Post: 3 Jun 2010, 12:51 PM
  4. SSL works but all links remain http not https
    By spriggig in forum Templates, Stylesheets, Page Layout
    Replies: 2
    Last Post: 2 Oct 2008, 08:10 AM
  5. banner images show in https but not http
    By makenoiz in forum General Questions
    Replies: 10
    Last Post: 26 May 2008, 04:48 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR