VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 General help me questions
 SSL and session variables
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Happy
VP-ASP New User

90 Posts

Posted - April 19 2007 :  08:50:15  Show Profile  Reply with Quote
I implemented SSL on my site and wish to switch to https:// when shopcustomer.asp is displayed. When I do that, the cart contents are lost. I talked to the hosting people and they say that when I switch protocol to SSL I am sent to there secure server which is a different one that the non-ssl one.

Is there a way to over come this probelm?

Is there a way I can save the cart to database and pick it up again after I get into SSL?

Is there any different hosting option I should pursue? I can change the hosting company if needed.

Any help will be greatly appreciated.

Thanks,
Happy

Joff
Starting Member

United Kingdom
43 Posts

Posted - April 19 2007 :  09:06:38  Show Profile  Reply with Quote
Hi Happy,

The problem isn't host related. IIS treats http and https protocol pages like they're on a different domain, so the same sessions won't exist in the https version that you had in http.

I don't think there's a workaround as even setting cookies would rely on the domain.

At what point do you need to use SSL with the cart contents? I only use SSL at the payment details stage, at which point cart contents are all saved to the DB (and can be picked up on the other side of the SSL).
Go to Top of Page

Happy
VP-ASP New User

90 Posts

Posted - April 19 2007 :  12:33:49  Show Profile  Reply with Quote
Thanks for responding Joff.

I want to change to SSL at the page where we capture the name, address, phone etc. during the checkout process (shopcustomer.asp). People expect to see the famous lock at the bottom before they enter their personal info and I do not want to give my potential customers a reason to run away.

Thanks,
Happy
Go to Top of Page

devshb
Senior Member

United Kingdom
1898 Posts

Posted - April 19 2007 :  17:36:12  Show Profile  Visit devshb's Homepage  Reply with Quote
our domain-tools addon could help with the ssl/non-ssl switching aspect on different pages, and could also help regarding whether people use "www" or not when they visit your site:

http://www.bigyellowzone.com/shopexd.asp?id=64

the main thing is to *not* use a shared ssl area as there'll be no way that you can keep the session, so you definitely need to have an https domain which matches your http domain.

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons
Go to Top of Page

Happy
VP-ASP New User

90 Posts

Posted - April 19 2007 :  20:38:03  Show Profile  Reply with Quote
Thanks Simon.

My problem is not of www. vs. no-www. My problem is between http://www.myfinestjewelry.com vs. https://www.myfinestjewelry.com. During this switch the cart contents are lost. I went through the link you gave above.

Will that add-on solve this problem?

Thanks,
Happy
Go to Top of Page

k-otic
Starting Member

49 Posts

Posted - April 19 2007 :  23:51:15  Show Profile  Reply with Quote
It does sound like an issue with your host - pretty sure sessions can't be swapped between servers so if you host is using different servers to host your secure files and your main cart files then you will be losing the sessions.

Seems like a strange set up for a dedicated SSL certificate to me...
Go to Top of Page

devshb
Senior Member

United Kingdom
1898 Posts

Posted - April 20 2007 :  03:13:08  Show Profile  Visit devshb's Homepage  Reply with Quote
the previous poster is right; our tool won't correct that problem because the user is still on the same domain; it does indeed look like a hosting/certificate problem.

normally, as per the previous posting, your ssl area would use the same server as your non-ssl area, and should normally also use the same physical directory/fileset too.

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons

Edited by - devshb on April 20 2007 03:21:40
Go to Top of Page

Joff
Starting Member

United Kingdom
43 Posts

Posted - April 20 2007 :  03:26:33  Show Profile  Reply with Quote
Simon, I've been led to believe that session variables are also protocol specific under IIS, so http and https are both a different session.

Is this not the case?
Go to Top of Page

devshb
Senior Member

United Kingdom
1898 Posts

Posted - April 20 2007 :  05:17:28  Show Profile  Visit devshb's Homepage  Reply with Quote
hi; nope; that's not the case; http and https should be using the same session; the only bit that should be specific is the "www" or non-www element (and the domain/subdomain), different protocols should be using the same session.
you can try it out by adding something to the cart, and then adding the "s" onto the protocol in your browser address line, and if the cart shows up as empty then it's a problem on the server/certificate.

At least, that's how it should work, as to how that gets done from the IIS side I've got no idea to be honest.

We've got quite a few clients who use ssl, and they can move around on/off ssl while keeping the session active at all times (with no custom-coding to cater for that).

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons

Edited by - devshb on April 20 2007 05:27:20
Go to Top of Page

dwight
VP-ASP New User

USA
143 Posts

Posted - April 20 2007 :  07:08:08  Show Profile  Reply with Quote
My web host has a shared SSL
and
I use Verisign as my payment gateway.
and
I have VPASP 6.5 option package

Like others, my customers don't get to see that the credit card payment is secured "https" because they jump ship when they get to the customer login page, createorder page, and ansimshopcheckout page which don't have https.

please let me know what to do based on the above information so that the following pages will display with the https

https://www.mysite.com/shop/customer.asp and https://www.mysite.com/shop/createorder.asp and https://www.mysite.com/shop/ansimshopcheckout.asp

I would like to know how to make it work seemlessly either by shared SSL or not shared.

I think this may help others and especially keep customers from jumping ship
Thanks
Dwight
Bye
Go to Top of Page

devshb
Senior Member

United Kingdom
1898 Posts

Posted - April 20 2007 :  07:12:23  Show Profile  Visit devshb's Homepage  Reply with Quote
our domain tool will let you skip on/off ssl at the relevant pages, and will also help on the "www" or non-www issue, but you still need to not use shared ssl because if you use shared ssl then no matter what you do the session will not be available when moving.

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons
Go to Top of Page

support
Administrator

4266 Posts

Posted - April 20 2007 :  20:36:05  Show Profile  Visit support's Homepage  Reply with Quote
Hi all,

In VP-ASP 6.50 we have fixed the issue with using different domains and you can also set the customer page page be in SSL mode by changing a config setting.

In the shop$config.asp locate the xmysite setting and insert the url that matches your ssl url path but with out the "s" in the http.

You need to have this point to the folder where you have VPASP installed.

So if in a sub folder called shopping it would be something like:

const xmysite = "http://www.yoursite.com/shopping"

In the xssl setting in shop$config.asp file insert your ssl path.

const xssl = "https://www.yoursite.com/shopping"

As long as you are using a dedicated SSL and not a shared SSL you will not now lose sessions and anyone can visit your site using whatever domain name and even whether it has the www in the url or not.

To have the ssl start from the customer page in 6.50 locate the following setting in the online Set-Up and set to Yes:

xsslshopcustomer

This will now change the url to match your xssl setting.

Hope this helps.

Thanks
Cam

VP-ASP Support
Go to Top of Page

Happy
VP-ASP New User

90 Posts

Posted - April 20 2007 :  21:30:27  Show Profile  Reply with Quote
Thanks Cam, I will try this out. Appreciate your help.

Thanks,
Happy
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000