SSL bug?

[Kim]

server IP changes are relatively rare

The IP change is more than likely the culprit. You really need a dedcated IP. What are your settings in the Admin> Configuration> Sessions?

[Merlinpa1969]

I just tried to go to your test site, and there is nothing there, however you may be interested to know that your site meter is breaking the SSL on your main page.

Just to let you know.

and Now I understand a server IP swap. causing the issue,
however I am not seeing how this is a zc bug.
I can tell you though that I moved 150 clients from 1 server to another in a completly seperate class C range in a different datacenter and never had the isue you are describing,

[DrByte]

I decided to do some more digging ...

A quick Google for "credit_cards.php" shows I'm not alone.

I do find your post by googling as you described, and a number of errors related to another shopping cart system, as well as some problems folks have while trying to use a xoops-related integration of a very old version of Zen Cart.
However, I'm not seeing any information that can help document any sort of pattern, whether hosting-related or coding-related or browser-related or otherwise.

Sometime after you've had a chance to look after the stresses of day-to-day life and unexpected challenges, it would be helpful if you would document the research you've done so far. As you said, being a coder yourself, I'm sure you understand the value of such research in order to narrow down the cause, establish a pattern by which to consistently reproduce the symptoms, and thereby develop a working solution (and know that it's fixed because the symptoms can no longer be repeated).

I hope the tree didn't do any damage ...

[philmck]

I just tried to go to your test site, and there is nothing there...

I removed it because I got flamed for putting it there and because it wasn't helping because none of you have the old cookies that seem to cause the problem.

... however you may be interested to know that your site meter is breaking the SSL on your main page...

Thanks for letting me know, it's just an experiment. It broke W3C validation as well. :-(

...Now I understand a server IP swap. causing the issue,
however I am not seeing how this is a zc bug...

Well it causes a fatal error for external users with no known workaround, so it's definitely a bug of some sort. If you're saying Zen-Cart shouldn't need to cope with this situation (changing hosts) then I beg to differ. If you think the host is misconfigured somehow please explain.

[Merlinpa1969]

Phil,

Please forgive this blunt statement, but thats crap.
folks change hosts with zen cart all the time.
<< changes people from one to another all the time with NO issues,
as I stated before in July we moved 150 Clients, and since we went from public domain racks to private racks in different datacenters then we most definitly swapped IPS,

so please stop this endless chatter about a bug and look internally, either operator or server

cause its NOT ZC......

<< will be doing 2 migrations today as soon as I get all the details from the owners, I will report back and let you know if there are ANY session issues,
but I am not expecting any

I have NO idea how your host is setup,
I have no reason to, other than the folks that have jumped ship to us because the host in question is not up to par for their task.

[philmck]

... it would be helpful if you would document the research you've done so far... in order to narrow down the cause, establish a pattern by which to consistently reproduce the symptoms, and thereby develop a working solution (and know that it's fixed because the symptoms can no longer be repeated)

OK, here's a summary:

1. The fatal error started happening after a server change. (I initially thought a zen-cart upgrade was the cause but I was wrong.) The error indicates that a file can't be found but it is in fact there. It appears when a user tries to access an SSL path such as the checkout.

2. It happens on a "clean" installation (using Fantastico); the only config change necessary is to set ENABLE_SSL to True and set the SSL path in includes/configure.php. It was 100% reproducible for me when I did this. My host uses shared SSL on a path of the form https://[myServer]/~[myUsername]

3. It's happened to me before, after a server change. On that occasion I noticed that I did NOT see the error on a different computer (at work). That made me suspect cookies, caching or firewall problems. It turned out that clearing cookies fixes the problem (in Firefox and IE6 at least).

4. It turns out that the IP address of my server changed during the upgrade, which I had not expected but may be the cause of the cookie problem.

Since I have now cleared my cookies (didn't take a backup, sorry) I can't tell you exactly which cookie caused the problem. I've got a very busy weekend (playing in a concert) so won't be able to do anything more for a couple of days.

[Website Rob]

Admin > Configuration > Sessions

Cookie Domain - True
Force Cookie Use - True
Check SSL Session ID - False
Check User Agent - False
Check IP Address - False
Prevent Spider Sessions - True
Recreate Session - True
IP to Host Conversion Status - true

The above applies to using a Dedicated SSL so not sure if any different for a Shared.

Speaking of which, I surprized that you would be using a Shared SSL? You know already that when used it is not your Domain name that shows in the URL; which has a tendency to confuse people and/or cause a loss of Sales. With Dedicated SSL's costing only $20 - $50 per yr., I fail to see why anyone would be using a Shared instead of a Dedicated.

[Kim]

Is the above session settings yours Phil? If it is turn off the force cookie usage.

[Website Rob]

Those settings are an example for Phil to go by. I took them from a Client site using a Dedicated SSL Cert and operating with no problems.

Why would you suggest to turn off Cookie Domain & Force Cookie Use? No sense using one without the other and both help site Visitors. Not uncommon to start an Order with a few items in the Cart then leave and come back later, picking up where you left off.

[Kim]

Force Cookies with a shared Certificate will break things because the domains don't match.