ShopSite Forums

[barnstormer]

I'm using the "order anywhere" order forms to submit to the ShopSite cart, with the form action of:
"https://www.domain.com/cgi-bin/sc/order.cgi". A browser redirect error is displayed when submitting to the cart.

According to the following post, it appears that ShopSite is not set up to allow for the initial View Cart page to be called from an https order form.
http://support.shopsite.com/forums/viewtopic.php?t=3680&highlight=https+shows+http

I would first like to verify that this information applies for ShopSite Pro version 8.3. And if so, is there a way to make the first view cart screen work with an https order form?

Although the first cart screen does not require entry of sensitive information, upon entering the cart, we would like our customers to see a secure page.

Any assistance would be appreciated. Thank you.

[Jim]

What is the exact error you are getting?

[barnstormer]

Error message:
"You are about to leave a secure Internet connection. It will be possible for others to view information you send."

In addition, the address displayed in the address bar on the view cart screen shows http, not https.

[Jim]

That indicates that your store page, where the add to cart button is located, is a secure page other wise you wouldn't be leaving a secure page. Are you accessing the store pages from a secure, https, url? If your store pages are aways secure you could make the order anywhere links secure url instead of the non-secure one that should fix it.

[barnstormer]

Hi, Jim. Thanks for helping out.

That indicates that your store page, where the add to cart button is located, is a secure page other wise you wouldn't be leaving a secure page.

The page with the "order anywhere" form is not a secure page.

Here's what my hosting tech support's response was to my inquiry:
"The way the pages are set up, the code is specifying that the forms be submitted to the order page as secure. However, the script for the order page is specifying that the page not be secure. Based on the information in the article linked below, the script is designed to access everything as non secure until the final checkout stage which it is doing.

http://support.shopsite.com/forums/view ... shows+http

Since the script is compiled with this functionality built in, trying to force it to use https from the calling page will not work. The script will redirect and there will be warnings of changing to a non secure site for some people. This depends largely on the settings in each user's browser. People with more strict security policies will see more of these warnings than those with lower security settings.

Your options to correct the warnings is to change the code on the calling PHP pages to not direct to https or to change the way that the script handles the redirection to a nonsecure page."

Here is a stripped-down test form URL:
http://www.longlifepetsupplements.com/l ... s/test.php

Please let me know what you find out, and thanks again.

[Jim]

Your page is calling the shopping cart screen securely (<form action="https://www.longlifepetsupplements.com/cgi-bin/sc/order.cgi" method="post" id="orderfrm" class="validate">)

If the store was not setup to access the first shopping cart screen securely when it was installed, which normally ould not be done, then any redirects that the cart does (and it does several of them) will more than likely go to the non-secure url associated with your store and not the secure url even though that is where the post came to.

You could probably change that functionality by changing the token sb_reg_url:
in the configuration file for your store to be the https url. This file is located in the backoffice cgi directory (usually ss or bo) for your store and will be named <storeid>.aa where <storeid> is the login name for your backoffice.

I don't know if that would cause problems with warning of going to a non-secure page if someone clicks on the empty cart, continue shopping etc buttons so you would want to test that functionality. Also depending on the template you are using you might end up with non-secure images on the page unless you change the way the template calls for images.

Note that if you do this and your secure domain name is not the same as your store page domain name and you are using he mini cart on your store pages it will no longer function because the minicart is maintained in a cookie and the cookie would now be set by a different domain than the store pages are on and would not be readable to store page.

Give it a try and see if that fixes the problem for you (without creating more issues) .

[barnstormer]

Jim, I did as you suggested and also modified a couple of other settings.

From my initial testing, I think the issue is resolved, but I'll get back with you after we've thoroughly tested this with various web browsers. I'll submit a follow-up post detailing what I did when we're finished testing.

Thank you so much for your prompt replies and excellent suggestions.

[barnstormer]

Thanks again for your assistance. Here is what I did to make the first shopping cart screen function under SSL:

1) changed this as you suggested:

You could probably change that functionality by changing the token sb_reg_url: in the configuration file for your store to be the https url. This file is located in the backoffice cgi directory (usually ss or bo) for your store and will be named <storeid>.aa where <storeid> is the login name for your backoffice.

2) In cart admin, Preferences > Store Text > Shopping Cart > Buttons, changed each of the URLs to the individual cart buttons to the full path with https://

3) In cart admin, Preferences > Hosting Service > Store Settings, changed Shopping Cart CGIs URL from http to https.

With those changes, the first cart page comes under full SSL.

Thanks again, Jim for your very prompt and helpful solution!