Using ProductCart - Steps in using secure pages

Steps in using secure pages

Printed From: ProductCart E-Commerce Solutions
Category: ProductCart
Forum Name: Using ProductCart
Forum Description: Running your store with ProductCart
URL: https://forum.productcart.com/forum_posts.asp?TID=3630
Printed Date: 02-March-2025 at 4:30pm
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com

Topic: Steps in using secure pages

Posted By: Rick_N
Subject: Steps in using secure pages
Date Posted: 18-April-2010 at 11:23am

Hi folks,

OK I have read the WIKI and followed many extra links and got as much info as I can. My question is, what is supposed to happen when switching between non-secure and secure pages?

I enter my store through the front door, via non-secure page( http://www - http://www ......). I add a few items to my cart. I proceed to checkout and switch to the secure page( https://www - https://www ......). At this point, when are the pages supposed to switch back to non-secure? If I proceed to the checkout then the secure page is being used but if I go back to the home page, via header link default.asp (absolute I think it's called) before finishing the checkout it retains the https://www - https://www ... and I am now returned back to a secure home page( https://www.mystore.com/myhomepage.asp - https://www.mystore.com/myhomepage.asp ). How do I get this to default back to the original non-secure page?

I believe it was the WIKI that stated the includes/storeconstants.asp file needs to have the same url as entered in the control panel under Store Uses SSL url. In my case it would be https://www.mystore.com - https://www.mystore.com . If I set the storeconstants.asp to use the same url then all my category navigation, once generated, defaults to secure pages.

I am trying to get my provider to set the “New ID On Secure Connection (keepSessionIdSecure)” setting to false in IIS7. Would this have anything to do with it? I understand the other issue related to the cart items being lost but I do not know if this issue would be related to that setting.

Or would I have to make sure that the links on my header.asp all have full links, with the http:// ?

I hope that made sense.

Thanks.

-------------
EveningSecrets Lingerie...what 'every body' wants
http://www.eveningsecrets.com - EveningSecrets Lingerie

Replies:

Posted By: Greg Dinger
Date Posted: 18-April-2010 at 11:29am

Rick - in your header.asp, footer.asp and possibly others (small search, small cart, etc.) you need to hard-code URLs to HTTP or HTTPS according to where you want to pooint the browser when someone clicks a link.

storeconstants has nothing to do with this, and I cannot think of a reason you would want HTTPS in that file.

Please note that I emphasize URLs. DO NOT hard-code images, css, JS or other physical objects. Only page URLs.

-------------
GreyBeard Design Group

Certified ProductCart Developer

Web Design/Development/Hosting

http://tinyurl.com/5c8t4t" rel="nofollow - Add-Ons & Custom Code |

Posted By: Rick_N
Date Posted: 18-April-2010 at 1:14pm

Thanks Greg,

I'll change the links. I assumed this was the way but wanted to clarify.

On the note of changing the storeconstants.asp, perhaps I read it wrong but the page I viewed is here: http://wiki.earlyimpact.com/developers/timeout-issues#iis7 - http://wiki.earlyimpact.com/developers/timeout-issues#iis7 and the lines I read are added below, particularly the one in blue.

Make sure that the file “includes/storeconstants.asp” contains the correct URL

Make sure that the SSL URL under Settings > Store Settings is correct and consistent with the URL in “storeconstants.asp”

Make sure that the Home Page URL under Settings > Store Settings is correct and consistent with the URL in “storeconstants.asp

Thanks for clearing things up.

Rick

-------------
EveningSecrets Lingerie...what 'every body' wants
http://www.eveningsecrets.com - EveningSecrets Lingerie

Posted By: Greg Dinger
Date Posted: 18-April-2010 at 1:19pm

storeconstants should reference HTTP, not HTTPS.

As you are looking at your overall set of changes, I like to go to wherever there is a link that will lead to a login, and change it to HTTPS if that's not already happening as a result of EI's code. This will overcome the eventual red flag you will encounter when you attempt PCI compliance tests.

-------------
GreyBeard Design Group

Certified ProductCart Developer

Web Design/Development/Hosting

http://tinyurl.com/5c8t4t" rel="nofollow - Add-Ons & Custom Code |

Posted By: benpate
Date Posted: 21-April-2010 at 12:43pm

The problem is that you have a RELATIVE link NOT an absolute one.

Relative - /productcart/pc/home.asp
Absolute - http://www.domain.com/productcart/pc/home.asp

Change to Absolute version and it will go to the unsecure page...unless you code it that way :)

-------------
http://www.web1seo.com - ProductCart SEO - Resellers and Affiliates welcome

Posted By: Rick_N
Date Posted: 21-April-2010 at 2:57pm

Actually the problem was not to do with the security warning when changing from Secure to Non secure pages. The problem was I did not want to have the site using HTTPS when it didn't need to. I answered my own question with Greg's confirmation.

Many thanks though for adding your point..

Rick

-------------
EveningSecrets Lingerie...what 'every body' wants
http://www.eveningsecrets.com - EveningSecrets Lingerie

Posted By: Rick_N
Date Posted: 21-April-2010 at 2:59pm

Oops,

I misunderstood my own thinking. Yes that was the problem. Once I coded the header links correctly all is fine. However, there were a heck of a lot more that you have to find as you are testing. Custpref.asp is a good example.

Rick

-------------
EveningSecrets Lingerie...what 'every body' wants
http://www.eveningsecrets.com - EveningSecrets Lingerie