switching back and forth between http and https

[ajmn]

is it possible to set-up so the store so it does not switch back and forth between the http: and https: state?
i.e. the store is http: unless at the login page or checkout page (and further)
and http: when logged in but just browsing the store ~ again until checkout is clicked on the cart page.

i’m thinking as a user it would be nice once logged in it remained in the https: state

perhaps unnecessary, but it does lead me to think the customer would see it dropping out of secure to non-secure and perhaps draw the wrong conclusion that the site is not secure.

~ a lateral thought came to me that i could just define

PHP Code:

  define('HTTP_SERVER', 'http://www.mydomain.co.uk');
  define('HTTPS_SERVER', 'https://www.mydomain.co.uk'); 


to

PHP Code:

  define('HTTP_SERVER', 'https://www.mydomain.co.uk');
  define('HTTPS_SERVER', 'https://www.mydomain.co.uk'); 


(in configure.php)
but thought i’d ask first

[IDW]

that will work but the site will be slow. Most people dont notice the https. but they do notice slow websites

[ajmn]

cheers for prompt reply IDW,
nice to know,
I'm guessing 'slow' because of the ssl check each page load?

I'll keep it running http & https,

i personally know there's no need for the ssl/https state while browsing... no sensitive content needing encrypting etc

it was just bugging me that the padlock was obviously appearing and disappearing, and wondered what another less knowledgeable customer would start to think etc

[DrByte]

The point IDW made about "slow" is based on the long-standing understanding that since it takes the server extra time to encrypt the page content, and your browser takes some time to decrypt the received content before it can display it, that the user's experience may be slightly hindered, especially if they're using very slow internet connections.

But since most good reliable webservers are more highly powered nowadays, that argument becomes less and less relevant.

Nevertheless, there's no need to be staying in SSL mode if the page content being displayed or the data being entered is not sensitive in any way.

If your customers do actually complain to you about it, then you can decide to make changes *then*. Until such time, it's not necessary, and just complicates things needlessly. Zen Cart will switch in and out of SSL where needed. It's highly unusual for customers to find this confusing or undesirable.

[ajmn]

thanks for the clarification