| Author |
 Topic  |
|
|
Happy
VP-CART New User
90 Posts |
 Posted - April 19 2007 : 08:50:15
|
I implemented SSL on my site and wish to switch to https:// when shopcustomer.asp is displayed. When I do that, the cart contents are lost. I talked to the hosting people and they say that when I switch protocol to SSL I am sent to there secure server which is a different one that the non-ssl one.
Is there a way to over come this probelm?
Is there a way I can save the cart to database and pick it up again after I get into SSL?
Is there any different hosting option I should pursue? I can change the hosting company if needed.
Any help will be greatly appreciated.
Thanks,
Happy |
|
|
Joff
Starting Member
United Kingdom
43 Posts |
Posted - April 19 2007 : 09:06:38
|
Hi Happy,
The problem isn't host related. IIS treats http and https protocol pages like they're on a different domain, so the same sessions won't exist in the https version that you had in http.
I don't think there's a workaround as even setting cookies would rely on the domain.
At what point do you need to use SSL with the cart contents? I only use SSL at the payment details stage, at which point cart contents are all saved to the DB (and can be picked up on the other side of the SSL). |
 |
|
|
Happy
VP-CART New User
90 Posts |
Posted - April 19 2007 : 12:33:49
|
Thanks for responding Joff.
I want to change to SSL at the page where we capture the name, address, phone etc. during the checkout process (shopcustomer.asp). People expect to see the famous lock at the bottom before they enter their personal info and I do not want to give my potential customers a reason to run away.
Thanks,
Happy |
|
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - April 19 2007 : 17:36:12
|
our domain-tools addon could help with the ssl/non-ssl switching aspect on different pages, and could also help regarding whether people use "www" or not when they visit your site:
http://www.bigyellowzone.com/shopexd.asp?id=64
the main thing is to *not* use a shared ssl area as there'll be no way that you can keep the session, so you definitely need to have an https domain which matches your http domain.
Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons |
|
|
|
Happy
VP-CART New User
90 Posts |
Posted - April 19 2007 : 20:38:03
|
Thanks Simon.
My problem is not of www. vs. no-www. My problem is between http://www.myfinestjewelry.com vs. https://www.myfinestjewelry.com. During this switch the cart contents are lost. I went through the link you gave above.
Will that add-on solve this problem?
Thanks,
Happy |
|
|
|
k-otic
Starting Member
49 Posts |
Posted - April 19 2007 : 23:51:15
|
It does sound like an issue with your host - pretty sure sessions can't be swapped between servers so if you host is using different servers to host your secure files and your main cart files then you will be losing the sessions.
Seems like a strange set up for a dedicated SSL certificate to me... |
|
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - April 20 2007 : 03:13:08
|
the previous poster is right; our tool won't correct that problem because the user is still on the same domain; it does indeed look like a hosting/certificate problem.
normally, as per the previous posting, your ssl area would use the same server as your non-ssl area, and should normally also use the same physical directory/fileset too.
Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons |
Edited by - devshb on April 20 2007 03:21:40 |
|
|
|
Joff
Starting Member
United Kingdom
43 Posts |
Posted - April 20 2007 : 03:26:33
|
Simon, I've been led to believe that session variables are also protocol specific under IIS, so http and https are both a different session.
Is this not the case? |
|
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - April 20 2007 : 05:17:28
|
hi; nope; that's not the case; http and https should be using the same session; the only bit that should be specific is the "www" or non-www element (and the domain/subdomain), different protocols should be using the same session.
you can try it out by adding something to the cart, and then adding the "s" onto the protocol in your browser address line, and if the cart shows up as empty then it's a problem on the server/certificate.
At least, that's how it should work, as to how that gets done from the IIS side I've got no idea to be honest.
We've got quite a few clients who use ssl, and they can move around on/off ssl while keeping the session active at all times (with no custom-coding to cater for that).
Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons |
Edited by - devshb on April 20 2007 05:27:20 |
|
|
|
dwight
VP-CART New User
USA
143 Posts |
Posted - April 20 2007 : 07:08:08
|
My web host has a shared SSL
and
I use Verisign as my payment gateway.
and
I have VPASP 6.5 option package
Like others, my customers don't get to see that the credit card payment is secured "https" because they jump ship when they get to the customer login page, createorder page, and ansimshopcheckout page which don't have https.
please let me know what to do based on the above information so that the following pages will display with the https
https://www.mysite.com/shop/customer.asp and https://www.mysite.com/shop/createorder.asp and https://www.mysite.com/shop/ansimshopcheckout.asp
I would like to know how to make it work seemlessly either by shared SSL or not shared.
I think this may help others and especially keep customers from jumping ship
Thanks
Dwight
Bye |
|
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - April 20 2007 : 07:12:23
|
our domain tool will let you skip on/off ssl at the relevant pages, and will also help on the "www" or non-www issue, but you still need to not use shared ssl because if you use shared ssl then no matter what you do the session will not be available when moving.
Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons |
|
|
|
support
Administrator
4679 Posts |
Posted - April 20 2007 : 20:36:05
|
Hi all,
In VP-ASP 6.50 we have fixed the issue with using different domains and you can also set the customer page page be in SSL mode by changing a config setting.
In the shop$config.asp locate the xmysite setting and insert the url that matches your ssl url path but with out the "s" in the http.
You need to have this point to the folder where you have VPASP installed.
So if in a sub folder called shopping it would be something like:
const xmysite = "http://www.yoursite.com/shopping"
In the xssl setting in shop$config.asp file insert your ssl path.
const xssl = "https://www.yoursite.com/shopping"
As long as you are using a dedicated SSL and not a shared SSL you will not now lose sessions and anyone can visit your site using whatever domain name and even whether it has the www in the url or not.
To have the ssl start from the customer page in 6.50 locate the following setting in the online Set-Up and set to Yes:
xsslshopcustomer
This will now change the url to match your xssl setting.
Hope this helps.
Thanks
Cam
VP-ASP Support
|
|
|
|
Happy
VP-CART New User
90 Posts |
Posted - April 20 2007 : 21:30:27
|
Thanks Cam, I will try this out. Appreciate your help.
Thanks,
Happy |
|
|
| |
Topic |
|
All Forums
SSL and session variables
New Topic
Printer Friendly
TrustGuard - PCI Security Scanner
