problem with ssl

alright, lets see if I can get this right this time...


using opencart 1.5

I set 'use ssl' in admin

I changed the config files in admin, and root directory
When I log in as a shopper, the url is secure :"https://homemakerfurniturestore.com/index.php?route=account/account"
I can add a product to the shopping cart, but if I click on the shopping cart link it takes me to: "http://homemakerfurniturestore.com/index.php?route=checkout/cart"

This causes the message " Your Shopping Cart is Empty."

What is causing the link to the shopping cart to not be https ?

If I hand edit the link for the shopping cart to be https:// it recognizes the items I added.

My guess is that no information is being passed along through the shopping cart itself. Only when you are actually logging in and out and checking out does the page need to be secured. The exact same thing happens on my store as well.

So that leads me to the question, why does setting ssl make the account page secure, but not the shopping cart?


also, I set ssl back to 'no' in admin setting again, but left the config as is. Nothing changed, What is the purpose of the ssl setting in admin, if the urls are controlled by the config files?

I solved my problem by making all urls in config https://

That may solve the problem, but will definitely make the site slower as all data has to be encrypted before being sent and decrypted by the user when they receive the data.

I have not seen this behaviour with standard SSL (i.e. SSL domain matching the non-SSL domain).

I could understand if it were a shared SSL cert as that is not implemented in OC by default without a mod.

The shopping cart doesn't need to be on SSL, only the pages that contain and pass sensitive data need to be, such as the my account section, login section and checkout.

I agree about the weirdness of the setting being turned on/off makes no difference to the config. I'm sure there is a reason for it and there may be a function somewhere that checks for this setting (i am unsure on this though).

I notice your store is in maintenance mode, does the problem still occur when not in maintenance mode ?

uksitebuilder wrote:I notice your store is in maintenance mode, does the problem still occur when not in maintenance mode ?

Funny you should mention that

This is the first I have placed my site in maintenance mode, and am unable to access the site, even when logged in as admin in the admin section when set to maintenance mode.

all of my problems occured with ssl while the site was not in maintenance mode.

In that case, there seems to be some underlying problem because you should be able to see the store in maintenance mode when logged in as admin

a couple of things to try

Your php.ini files in both your root and in admin should contain the following lines:

session.use_cookies = On;
session.use_trans_sid = Off;
session.gc_maxlifetime = 12000000;


The first 2 lines being the most important

If you have those lines already, you should check with your host that php.ini override files are not blocked for some reason and if they are can they make those changes for you.

You could also pm me and attach both your config.php and admin/config.php files so I can check them.

I think I figured out the ssl problem. internet explorer wasn't being very informative, but when i switched to FireFox, it game me the warning message that my ssl certificate did not match my domain. I am going to have to use the domain specifically associated to my hosting account, instead of the domain name I bought to use for the website, Unless I can convince ipowerweb.com to change it for me. the link to the ssl should be in my case : https://blatantgratuitycom.ipower.com Not really the Url I want associated with my store

as far as sessions and cookies go, I had tech support for my server fix the problem of constant logging out of admin.
the maintenance mode issue may just be the same as the cart issue, it logs me out switching from http to https.

ah I see, you were trying to use a SSL Domain that doesn't really exist :-)

As mentioned above, OC by default doesn't support Shared SSL certs or certs with different domain names to the main non-ssl domain unless you use a mod/extension