Shared SSL Woes

**Bad Penguin** · 12 Sep 2006, 07:23 AM

I am attempting to run v1.3.5 with a shared ssl setup, and not having much luck. When I go to check out, it results with a login timeout and a "Whoops! Sorry, but you are not allowed to perform the action requested." response.

The hosting is 1and1, php cgi 4.4.4, apache 1.3.37, mysql 4.0.27. The relevant parts of the cart config are:

Code:

define('HTTP_SERVER', 'http://www.myshop.net');
define('HTTPS_SERVER', 'https://ssl.perfora.net/www.myshop.net');

// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'true');

define('DIR_WS_CATALOG', '/zcart/');
define('DIR_WS_HTTPS_CATALOG', '/zcart/');

The session settings are all set to true except for Check IP Address and IP to Host Conversion Status.

It appears that when I am on the non-ssl site the cookie domain is .www.myshop.net, when I am on the ssl site it is set to .ssl.perfora.net. Is this normal? It appears to me that two separate sessions are being created, one for the ssl, the other for the non-ssl.

Any help would be greatly appreciated.

**Ajeh** · 22 Sep 2006, 05:40 AM

Try the defaults on the Session Settings:

Title Value Action
Session Directory /home/username/public_html/zencart_directory/cache
Cookie Domain True
Force Cookie Use False
Check SSL Session ID False
Check User Agent False
Check IP Address False
Prevent Spider Sessions True
Recreate Session True
IP to Host Conversion Status true

**Ajeh** · 22 Sep 2006, 05:42 AM

Note: you may need to change the Recreate Sessions to False as well ...

**ferdball** · 22 May 2009, 04:46 PM

Linda, I tried to do this with no luck... Here;s my situation.

I upgraded from a 1.2.7 cart and then moved hosts (actually the other way around technically I HAD to upgrade because I moved to a php5 and mysql5 host)

I plugged in their Shared SSL "https://rdx.websitewelcome.com/~learta"
then I get the "Whoops.... session expired error" on checkout
Turned off SSL on config.php and it works fine.
Asked my host about the php security and they said they dont have anything funky installed.
Installed a BEAND NEW FRESH cart and added a dummy product,, still happens.

I'm thinking it's a Shared SSL issue but dont know for sure.

PLEASE ANYONE have any ideas? help help! live site not working.

**Kim** · 22 May 2009, 05:06 PM

Post your /includes/configure.php without your password information

**SolarPenguin** · 25 Oct 2009, 05:12 PM

I also have a shared SSL cert and ran into the same problem. After some trial and error, I found that if I encrypted my entire cart, things seemed to work. In your case:

define('HTTP_SERVER', 'https://ssl.perfora.net/www.myshop.net');
define('HTTPS_SERVER', 'https://ssl.perfora.net/www.myshop.net');

// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'true');

My application isn't overly intensive, so there wasn't much performance loss and it now allows my customers to check out via PayPal express.

Cheers.

**Merritt** · 26 Oct 2009, 03:26 AM

I've got the same problem, and I have yet to find a good enough/professional way to handle this. If anyone that works for and developed this ZenCart program, please reply to our requests!