ShopSite Forums

[mobilchuckje]

Hi,

I have locked down my client's ShopSite store by placing .htaccess file in the "store" directory. We have noticed that some browsers ask for the password several times before being satisfied. This seem to result from calling multiple elements for the page (ie images). Clicking cancel on the password pop up will result in broken image links.

Has anyone else run into this. Is there something I can do to help streamline the password process so that users are not asked to enter the password multiple times.

I've searched and read past threads here and they recommend using .htaccess/.htpasswd as the solution to locking down the store, but the multiple requests to enter the password is causing consternation for some users.

Thank you for your help,
chuck.

[Jim]

Each domain name will require logging in by .htpasswd. So for example if a shopper goes to http://yourdomain.com they would have to log in. If your store is actually at http://www.yourdomain.com then when a link switches them from the login at http://youdomain.com to http://www.yourdomain.com that would force another login. If you have a page at https://yourdomain.com that would require another login.

So to sum it up:
http://yourdomain.com
http://www.yourdomain.com
https://yourdomain.com
are all different domains and a browser would have to login again when switching between any of them

So make sure that you are using proper urls for the directory that has the .htpasswd file on it.

[mobilchuckje]

Super. I will check that.

thanks.
chuck.

[mobilchuckje]

Using Firefox 3.5.10 and OSX 10.5.8, when I log into the SS admin area I have to hit ok on the htpasswd bypaswd pop up 20 times before the browser will move on. Presumably because the images that make up the page are located in "/store/shopsite-images/en-US/..." The .htaccess file is in the "/store/" directory.

Thoughts? The recommendation to use htpassword is given so simply, I must be doing something wrong.

Thanks for your advice.

chuck.

[loren_d_c]

Yeah, if you've password-protected the parent directory of the directory that has the backoffice images, then you will have to authenticate with that directory for the images to load. However, you shouldn't have to do it 20 times. Make sure that in these cases you are providing the password you set for the /store directory, not your ShopSite backoffice password.

Another solution would be to move the shopsite images directory OUT of your password-protected /store directory to a different location that is NOT password-protected. If/when you do this, there are a few settings in the main settings file ([your_login_name.aa in the 'ss' directory) that will need to be updated to reflect the new location, namely the 'image_dir', 'image_url', and 'image_url_secure' settings.

-Loren

[mobilchuckje]

Yes, I enter the SS Admin login first and then Firefox asks me for /store/.htaccess password 20 times. If I hit cancel on any of these, once I get through, there will be page elements with broken image links.

This is not as important as cleaning up the process for the customer, but I will take your advice on moving "non-store" items out of the protected area.

Thanks again. Any other advice from folks working with this issue would be certainly welcomed.


cheers,
chuck

[mobilchuckje]

Ok, one thing I've figured out:

No matter what I set as the button on the Customer Reg. Sign In button preferences for "BackToCart", parsing the Customer Reg template, [-- BUTTON BackToCart--] produces:

<img src="https://www.mydomain.com/store/media/continue_shopping.gif" border=0 alt="Continue Shopping">

even if I specify the full URL, even a different file. The "https:" is generating an additional .htaccess password request.

It seems that SS isn't actually parsing [--BUTTON BackToCart--] and instead is hardwired to insert the default button complete with "https://"

Thoughts?

thanks
chuck.

[mobilchuckje]

... even if I set the button preference to TEXT it produces a link with the .gif button. Must be an error in the cgi.

[Jim]

What template are you using?, Is it a custom one or one ShopSite provided?

What version of ShopSite?

[mobilchuckje]

What template are you using?, Is it a custom one or one ShopSite provided?

What version of ShopSite?

ShopSite® Pro 8.0.2

I'm using a customized CR template.

[mobilchuckje]

This is one section of the CR template as I'm using it:


### Registered Customer Sign-In Page ###
[-- DEFINE Sign_In --]
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
[-- Var.title STORE.SignIn --]

<link href="http://www.mydomain.com/css/css/my_layout.css" rel="stylesheet" type="text/css" />
<!--[if lte IE 7]>
<link href="http://www.mydomain.com/css/css/patches/patch_my_layout.css" rel="stylesheet" type="text/css" />
<![endif]-->

[-- INCLUDE nunn_crHeader.txt PROCESS --]

<p>[-- STORE.UseSignInEmail --]</p>

[-- CR_Signin_Email_Password --]

<BR><p align="center">[-- BUTTON SignIn --]&nbsp;[--BUTTON BackToCart --]</p>
[-- INCLUDE nunn_crFooter.txt PROCESS --]
[-- END_DEFINE Sign_In --]

[Jim]

What happens if you use one of the ShopSite provided templates?

With your store running ShopSite 8.0.2 you have a version almost 5 years old. I would strongly recommend that you upgrade to a more recent version. It is very difficult to try and debug issues in a version that old. If there is an issue it may have been resolved in a later version so the solution would be to upgrade. You can check for known issues in the kbase at http://support.shopsite.com/KBase/

You can see other enhancements since version 8 at http://shopsite.com/help/ and then click on the various links to "new features in Shopsite x,x