greatphoto
VP-CART Super User
USA
304 Posts |
Posted - July 18 2004 : 20:53:27
|
I have the same problem. Has anyone found a workaround for this?
I have xssl set to my secure server name so that SSL will be used for the shopcheckout.asp page. This works quite nicely. However, once the checkout process is done SSL continues to be enabled. Even if the customer clicks a side or top navigation button, or the "Return to the homepage" link at the bottom of shopthanks.asp, https remains turned on. How can this be prevented?
(I have also submitted the question to support. If I find a good answer, I'll share it here.)
|
|
|
jonmadrid
VP-CART New User
USA
192 Posts |
Posted - July 19 2004 : 14:29:53
|
Hi Guys,
I have written up a script that I think will do what you need it to do. Here is how it works: It checks to see if a page is being called via SSL/HTTPS. If it is, it then checks to see if that is a page that "needs" to be, or is "ok" to be called in that way. If it's not, then the page will be redirected from HTTPS to HTTP. It's basically taking a list of page names that are "allowed" to access the pages via HTTPS and seeing if the page being viewed is in that list. If not, it takes care of the redirect work for you.
Here's the code:
******* 'Direct traffic off of HTTPS onto HTTP on pages that don't require secured layer: Dim strQueryString Dim strSSLPageNames Dim strCurrentPageName Dim arrPageNames Dim blnSSL
'First, check if we are calling a page via HTTPS to start with or not (If not, no need to do anything): If Request.ServerVariables("SERVER_PORT_SECURE") = 0 Then
'Make a list of all pages we want to be SSL secured, separared by commas: strSSLPageNames = "shopcheckout.asp,shopthanks.asp"
'Get the name of the page that is currently being viewed: strCurrentPageName = Request.ServerVariables("SCRIPT_NAME")
'Create an array of all the page names from above: arrPageNames = Split(strSSLPageNames,",")
'Loop through all the page names to see if we are on an SSL allowed page: For i = 0 to uBound(arrPageNames) If inStr(1,strCurrentPageName,arrPageNames(i),1) Then 'If we have a match, we can exit the loop since we know we are ok: blnSSL = True i = uBound(arrPageNames) 'Adjust count so it won't loop any more. Else 'If no matches, set boolean value to False. blnSSL = False End if Next
'Now, redirect to the appropriate page if needed: If blnSSL = False then Response.Redirect "http://www.YOURDOMAIN.com" & strCurrentPageName & GetQueryString End If
End If
Function GetQueryString 'Check to see if we have a queryString to append: If Request.QueryString <> "" Then GetQueryString = "?" & Request.QueryString Else GetQueryString = "" End If
End Function *******
I'd recommend putting this up at the top of your shop$db.asp file so that it's called by every page in your shopping cart. All you need to edit are the following items:
- strSSLPageNames. This is a comma separated list of names that are "allowed" to be accessed via HTTPS. Do NOT include file paths.
- Response.Redirect towards the bottom. Change "www.YOURDOMAIN.com" to whatever your domain happens to be.
That's it. Copy, paste, change those two things, upload, and you're done.
I hope this helps. Let me know if its what you're looking for.
All the best,
Jon Madrid -------------------- Madrid Communications Web Design, Development, and Hosting www.madridcom.com
|
|
|