crazy https:// stuff

**sheikyerbouti** · 10-22-2002, 04:27 PM

Now here's what's happening:

1. I go to the shopping cart and the url is http://
2. I browse around and add items to the cart (still http://)
3. I go to checkout and it prompts me to login (i already have an account)
4. The login.php page loads (Welcome, Please Sign In) and now the url begins with https:// (secure)
5. I enter my information and click "Sign In" and a dialog box pops up that says that i'm about to "be redirected to a connection that is not secure".
6. If i choose "yes", it takes me to the catalog/checkout_payment.php page, but the url is now reverted BACK to http:// (i am no longer in a secure connection)

What can i do to force this page to https:// ????
The catalog/includes/configure.php page already has the appropriate information, i believe....

______________________________________

Now i just hit the "Back" button on my browser, went back to the login page and entered my password again, and this time it went to a page beginning with https:// .

I can't have this thing "occassionally" take me to the checkout_payment.php page (where people enter credit card info) via a secure connection and other times via a regular http:// page.

Why is it so inconsistent?

any help???
thanks,
pete

**sheikyerbouti** · 10-23-2002, 06:47 AM

anyone seen anything like this before???

-pete

**michael_s** · 10-23-2002, 07:48 AM

This means you have some absolute links, usually to images, somewhere on your page. You need to make sure all links to images are relative, that way they will be called via https:// rather than http://

Look for the images path by right clicking each image and checking the path in the properties (through your browser).

**sheikyerbouti** · 10-23-2002, 08:27 AM

yep, my header (which replaces the oscommerce logo) is an absolute link. Can you remind me which files i need to adjust to make them relative? Thanks for the help. This has been kickin' my @$$.

-pete

Anonymous · 11-07-2002, 05:58 AM

Just thought i'd add a question while were talking about this. I am just upgradeing to use SSL for my shopping cart. I noticed my header is also absolute links.

So are the graphics uploaded twice to two separate servers? (http & https) or just once.

**stan** · 11-19-2002, 02:16 PM

Well, for most setups, it will only be uploaded once. The only difference between HTTP & HTTPS is that the HTTPS is transfered over an encrypted channel. Most of the time, http://yourdomain.com & https://yourdoamin.com grab the content from the same directory.

As far as http/https flipping, that shouldn't happen if you let OS Commerce handle the URLs for you. Most of the tep_* functions will take into account whether the link should be secure or not. In the cases where you want to force something, you can add either 'SSL' or 'NONSSL'. For example, you'll see code like:

tep_href_link( FILENAME_LOGIN, 'action=process', 'SSL' )

So you may need to patch those as necessary. A common mistake is to use a straight-up link instead of one with explicit 'NONSSL' . SSL is expensive, so you usually want it only on the payment pages and the login pages (to protect passwords). Normally in OS Commerce, the state transitions are handled quite well. However, once you start modifying things, it's quite easy to introduce unexpected side effects.

For example, we had a menu on the top of all pages in our modified OS Commerce installation. One of the links is back to the products. Well, if the user was inside the order process and decided to follow the products link out, then the user would continue to have SSL active (https). It's not optimal to have the user use https for normal browsing, but it's generally not a problem, until they get to a form submission that has 'NONSSL' specified. Then the dialog pops up stating that the user is submitting insecure data, blah blah blah. So you really want to be careful designing the flow so that you enter and exit SSL properly. We fixed the problem by forcing exit links to be explicitly 'NONSSL', since they are aborting the checkout process and browsing. When they checkout again, it re-enters the SSL state.

Well, I hope I didn't confuse the heck of everyone now. It's really a simple concept that I'm explaining poorly...

Anyway, the moral of this story is to make sure that you map out your http & https transitions carefully.

-- stan c",)

**someguy** · 11-23-2002, 08:54 AM

why dont any of my images or icons show up when im checking out or loging in?

**stan** · 11-26-2002, 01:44 PM

*sigh* Are the images being reference with https? Are they actually available at that URL? Please follow all the steps and provide detailed info. Otherwise it's hard to diagnose and solve the problem.

-- stan c",)

**sheikyerbouti** · 12-09-2002, 11:05 AM

Originally Posted by msasek

This means you have some absolute links, usually to images, somewhere on your page. You need to make sure all links to images are relative, that way they will be called via https:// rather than http://

Look for the images path by right clicking each image and checking the path in the properties (through your browser).

Okay, i checked the image path by right clicking each image and checking the path in the properties option. My path reads as follows: http://www.mydomain.com/catalog/imag...log_header.gif

Does this mean it's relative or absolute?? And could someone please post the code that i should use to reference this image (catalog_header.gif) and on what page or pages do i need to do this?? header.php???

Thanks for your help. You can see this has been killing me for 2 months and this is rather ridiculous. Outraged clients..... yikes!

Please help.
-pete

**michael_s** · 12-09-2002, 11:50 AM

Pete,

This is caused by images that you have added, but it could be anywhere that you coded an image.

A relative link will have a path:

Code:

/catalog/images/logo.gif

The absolute link will either be a full url to the image:

Code:

http&#58;//www.site.com/catalog/images.logo.gif

An example:

I add an image to the left column, so I code this:

Code:

&lt;tr>
    &lt;td>&lt;img src="images/cert_thawte.gif">&lt;/td>
  &lt;/tr>

This is the relative link, that will not cause me any trouble. But if I code it like this:

Code:

&lt;tr>
    &lt;td>&lt;img src="http&#58;//mysite.com/catalog/images/cert_thawte.gif">&lt;/td>
  &lt;/tr>

I will get the browser warning.

So, look through your changes, and locate the absolute links to images that you placed, and change them to relative paths to the images, and your problem should vanish.

Post the code in question and I will be happy to look at it for you, if this doesn't help.

osCommerce is contstructed out of the box to avoid this issue, so that is why I make the assumption that it is your additional code that is causing the problem.