Anyone Actually Have Shared SSL Working?

[Guest internetpilot]

I apologize for posting this same question in multiple threads, but to make sure it gets to the people who may actually have shared SSL working, it really needs to have its own thread (in my opinion).

So...does anyone actually have v3.0.5 working with a shared SSL?

I personally suspect that no one has this working, but it would be nice to know once and for all if I'm wasting my time or if there actually is a light at the end of the tunnel.

-- Chris

[Guest toppair]

Ya I agree, would be nice to know if an end is near.

[Guest ssppaarree]

I have v3.03 working well in a SSL.

[convict]

It appears if not secured domain is different to shared SSL domain it doesnt work properly becasue of different session for both domains.

[convict]

Below is my experiment for what i have mentioned above:

sessions.inc.php

orriginal code:

	if(isset($_COOKIE['ccUser'])){

	

  $sessId = base64_decode($_COOKIE['ccUser']);

	

	} elseif(isset($_GET['ccUser'])){

	

  $sessId = $_GET['ccUser'];

	

	}

changed to:

	if(isset($_GET['ccUser'])){

	

  $sessId = $_GET['ccUser'];

	

	} elseif(isset($_COOKIE['ccUser'])){



  $sessId = base64_decode($_COOKIE['ccUser']);	

	

	}

Result:

Shop works on SHARED SSL and cart isnt EMPTY by switching into/out of SSL!

I dont have made any other tests............

B)

[Guest dunkirk]

Hi,

Where can this file be located? also what about the admin page? can that still be accessed.

Thanks

[convict]

includes/sessions.inc.php

[Guest internetpilot]

I have v3.03 working well in a SSL.

Is it working on a shared SSL or a dedicated SSL?

-- Chris

[Guest dunkirk]

Hi,

Thanks for that will give it a go.

Just a qucik question to make sure i fill in the fields correctly.

Root Secure Public HTML Folder:

Absolute Secure URL to Store:

Server Secure Root Directory:

---------------------------------------------------------------------------------------

my Root directory /home/username

my WWW directory /home/username/public_html

I am using CC 3.0.4 and installed in www.domainname/store

my host company told me to fill: https://server-name/~username/

in all the fields is that right.

Thanks

[Guest internetpilot]

Okay, for those facing the same problem that I am with running CubeCart on a shared SSL, here's what my particular issue turned out to be (direct from Brooky):

The problem is because your hosting environment doesn't put a value for $_SERVER["HTTPS"].



On most servers with https:// on $_SERVER["HTTPS"] will return 1 or "on".



You server doesn't have a variable to distinguish whether this is the case and thus CubeCart gets in a muddle.

This is good to know because it's something concrete that I can send to my host provider and see if they can rectify it so I can finally use (and pay for!) what I've personally determined to be the best shopping cart app for me!

After some changes were made to my sslSwitch.inc1.php file, SSL was finally working! Yeah! However, I was encountering the session problem described by Convict above, which I believe was addressed in v3.0.5 (which strangely enough is the version I have installed). I don't think that will be as much of a problem to solve as the original shared SSL problem though. Convicts suggestion will probably do the trick, and if not, I have also seen some other suggestions for the same problem here on the forums.

Anyway. Things are looking pretty good now, and I wanted to let anyone else in my situation know that there is a light at the end of the tunnel. It will be interesting to see what my host provider says about the above variable. Hopefully, they will correct the problem so I don't have to run a custom modified version of CubeCart, which is never a good idea for upgrades and known/unknown compatabilities.

A big thanks to Alistair "Brooky" Brookbanks for figuring this out and even providing a fix for it. I definitely owe the CubeCart folks a couple of registrations, leave the copyright notice displayed, and put some prominent banner advertisements for CubeCart in the finished store! They're definitely high up on my Christmas list, too! B)

[convict]

Yes brooky is right.

As a FIRST AID helps a small modification of sslSwitch.inc.php using $_SERVER['SERVER_PORT'] instead of $_SERVER['HTTS'] by checking for SLL port (mostly 443).

And $_SERVER['HTTS'] issue is quite a different as secure and non-secure domain are unequal.

[Guest internetpilot]

I'm currently trying to get my host provider, Netfirms, to make the change to their share SSL to allow for using that variable. I would much rather use a standard install of CubeCart to minimize possible problems in the future when applying upgrades. I don't want my store to die because I have to keep using the same custom modified module even after future upgrades.

I am still encountering a session problem where the shopping cart shows up empty. Convict, I take it the fix you posted above is only for v3.0.4? The same file in v3.0.5 does not have the same original code that you said needed to be replaced. I suspect this is due to v3.0.5 addressing this session issue, but I'm sure it's not working for me because of something to do with the custom mod or maybe the same reason that made the custom mod necessary?

-- Chris

[convict]

piece of code is below

<?php 

/*

+--------------------------------------------------------------------------

|   CubeCart v3.0.5

|   ========================================

|   by Alistair Brookbanks

|	CubeCart is a Trade Mark of Devellion Limited

|   (c) 2005 Devellion Limited

|   Devellion Limited,

|   Westfield Lodge,

|   Westland Green,

|   Little Hadham,

|   Nr Ware, HERTS.

|   SG11 2AL

|   UNITED KINGDOM

|   http://www.devellion.com

|	UK Private Limited Company No. 5323904

|   ========================================

|   Web: http://www.cubecart.com

|   Date: Thursday, 13 October 2005

|   Email: info (at) cubecart (dot) com

|	License Type: CubeCart is NOT Open Source Software and Limitations Apply 

|   Licence Info: http://www.cubecart.com/site/faq/license.php

+--------------------------------------------------------------------------

|	session.php

|   ========================================

|	Core Session Management	

+--------------------------------------------------------------------------

*/



if(!isset($config)){

	echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";

	exit;

}



$sessionDomain = substr($GLOBALS['rootRel'],0, strlen($GLOBALS['rootRel'])-1);

@ini_set("session.cookie_path",$sessionDomain);

session_start();



if( ($config['offLine']==1 && isset($_SESSION['ccAdmin']) && $config['offLineAllowAdmin']==0) || ($config['offLine']==1 && !isset($_SESSION['ccAdmin']))) {

	header("Location: offLine.php");

	exit;

}



$sessData["location"] = $db->mySQLSafe(currentPage());

$lkParsed = "PC9ib2R5Pg==PC9odG1sPg==";



if( !isset($_SESSION['ccUser']) && (isset($_COOKIE['ccUser']) || isset($_GET['ccUser'])) ){

	

	if(isset($_COOKIE['ccUser'])){

	

  $sessId = base64_decode($_COOKIE['ccUser']);

	

	} elseif(isset($_GET['ccUser'])){

	

  $sessId = $_GET['ccUser'];

	

	}

Code that i have mentioned is here CC3 v3.0.5

[Guest internetpilot]

Interesting. My session.inc.php file does not look like yours:

<?php 

/*

+--------------------------------------------------------------------------

|   CubeCart v3.0.5

|   ========================================

|   by Alistair Brookbanks

|	CubeCart is a Trade Mark of Devellion Limited

|   (c) 2005 Devellion Limited

|   Devellion Limited,

|   Westfield Lodge,

|   Westland Green,

|   Little Hadham,

|   Nr Ware, HERTS.

|   SG11 2AL

|   UNITED KINGDOM

|   http://www.devellion.com

|	UK Private Limited Company No. 5323904

|   ========================================

|   Web: http://www.cubecart.com

|   Date: Thursday, 13 October 2005

|   Email: info (at) cubecart (dot) com

|	License Type: CubeCart is NOT Open Source Software and Limitations Apply 

|   Licence Info: http://www.cubecart.com/site/faq/license.php

+--------------------------------------------------------------------------

|	session.php

|   ========================================

|	Core Session Management	

+--------------------------------------------------------------------------

*/



if(!isset($config)){

	echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";

	exit;

}



$sessionDomain = substr($GLOBALS['rootRel'],0, strlen($GLOBALS['rootRel'])-1);

@ini_set("session.cookie_path",$sessionDomain);

session_start();



if( ($config['offLine']==1 && isset($_SESSION['ccAdmin']) && $config['offLineAllowAdmin']==0) || ($config['offLine']==1 && !isset($_SESSION['ccAdmin']))) {

	header("Location: offLine.php");

	exit;

}



$sessData["location"] = $db->mySQLSafe(currentPage());

$lkParsed = "PC9ib2R5Pg==PC9odG1sPg==";



if( !isset($_SESSION['ccUser']) && (isset($_COOKIE['ccUser']) || isset($_GET['ccUser'])) ){

	

  if(isset($_GET['ccUser'])){



 $sessId = $_GET['ccUser'];



} elseif(isset($_COOKIE['ccUser'])){



 $sessId = base64_decode($_COOKIE['ccUser']);

As you can see, it appears that in my v3.0.5, the change you're recommending has already been made, yet the session problem still persists. When I add an item to the shopping cart, it displays in the cart box, but when I click "View Cart" it goes to my SSL site like it should but displays a message that shopping cart is empty.

Looks like this still is not going to work for me, darn it. I'll keep dinking. Any advice would be much appreciated.

-- Chris

[Guest internetpilot]

Well, it looks like I'm dead-ended again. My host provider was trying to be helpful, but ironically they ended up referring me back to the CubeCart forum...directly to this very thread which I started (haha). They then replied that they basically do not offer a shared SSL configuration that satisfies what CubeCart is looking for. Maybe they'll offer it in the near future as more and more people find CubeCart and (like me) find it a much more appealing cart than others that are available.

Oh, well. Thanks to everyone for trying. I'll continue to watch the forums and future upgrades in hope that someone gets it working with a shared SSL and/or a future version is released that is more shared SSL friendly.

-- Chris

[convict]

internetpilot

buy certificate or change provider ;)

[Guest internetpilot]

internetpilot

buy certificate or change provider

Can't do it -- my host provider is just too reliable and well reputed/reviewed on all other aspects. They don't support dedicated SSL without upgrading to their much more expensive commercial level hosting service, which would be overkill for me at this time. Unfortunately, they have a point when they tell me that all other popular carts work fine with their hosting. Despite that I personally feel that CubeCart is head and shoulders above the rest, I just can't switch host providers when I also feel that my host provider is head and shoulders above the rest. The best shopping cart is nothing without a good host provider, whereas you can get by with a mediocre shopping cart and an excellent host provider. The host provider is definitely the most important part of the equation. I'm still regretting the one time I ventured away from my current host provider -- ended up witha 70% uptime stat and eventually having two domain names stolen. I don't venture "off the reservation" anymore!

-- Chris

[convict]

my host provider is just too reliable and well reputed/reviewed on all other aspects. They don't support dedicated SSL

Really? dooh

they have a point when they tell me that all other popular carts work fine with their hosting

cant believe it.

In spite of my comments above - NO COMMENT

[Guest overdrive]

Hi folks,

Another newby trying out the cart before implimenting in live sites. I agree that against many carts I've seeked out CC is very attractive hence worth a little work.

I am getting this error in the address bar after registering and logging in and clicking the 'homepage', 'test product' or 'sales item':

http://pixel8design.co.uk/cc/secure/pixel8design/index.php?&ccUser=

 The store index.php should come after /cc/ but the link adds 'secure/' and doubles back to the pixel8design bit.



I am using shared SSL and like previous poster, impelled to stay with my present, super fast hi quality server space (i've used some real dogs). My admin settings are:

Root Secure Public HTML Folder: /cc/

Absolute Secure URL to Store: https://pixel8design.co.uk/cc

Server Secure Root Directory: /home/url/username/htdocs/cc

I've also tried an alternative and longer version of the second line

'https://server.server-url/secure/pixel8design/cc'

but without any change to the result. Does anyone know why it is repeating some parts of the address?

Any help would be hugely appreciated.

Cheers TC

[Guest internetpilot]

my host provider is just too reliable and well reputed/reviewed on all other aspects. They don't support dedicated SSL

Really? dooh

they have a point when they tell me that all other popular carts work fine with their hosting

cant believe it.

In spite of my comments above - NO COMMENT

Hmm...not getting notified of responses to this thread anymore(?)

Actually, I should elaborate on the "all other popular carts work fine with their hosting" statement. I can definitely believe it because I've tried OSCommerce, Zen-Cart, X-Cart, and CubeCart. All of them except CubeCart work fine on their shared SSL.

For the PHP techies and CubeCart gurus out there, what is it about CubeCart that makes it not work when all these others do? It's killing me! I really want to use CubeCart, but I'm at the point now where I just cannot because it simply does not work with a shared SSL. It's a shame, too, because there are far more people on the internet using virtual/shared hosting, shared SSLs, etc., than there are people doing the co-location thing where they're running their own servers. One would think CubeCart would want to appeal to as many customers as possible. I mean, there are pretty old versions of OSCommerce floating around out there, running on virtual hosting and a shared SSL. If it's simply not a priority to support the shared SSL users...well...that's the way it is. But it just seems like CubeCart is passing on a lot of potential customers since that's the majority of the hosting customers.

Just my 2 cents. Now I have to...sniff...go back to configuring my (YAWN) OSCommerce install...zzzzzzzzzzzzz...just ain't as pretty and organized as CubeCart. Hey, maybe I can find an OSCommerce template that converts it to look and act like CubeCart?! B)

[convict]

Im using virtulal web hosting and shared SSL works fine with CC3. Everything depends to varios system settings which are NOT configurable by clients. How many hosting company so many solutions.

In this time im testing Vserver hosting. Vserver is like a dedicated server. Vservers are running on robust hardware and they are independent/isolated each other and main advantage is that you have anything under control (SSH root access) - but you have to be familiar with a unix systems.

[Guest internetpilot]

Im using virtulal web hosting and shared SSL works fine with CC3. Everything depends to varios system settings which are NOT configurable by clients. How many hosting company so many solutions....

Well, that's sort of my point. There are a lot of different host providers, many different configurations, yet most (if not all) of the other shopping carts work fine with them. Isn't there something that can be done with the CubeCart code to make it a little more generic in its environment requirements for shared SSL?

Obviously it's the application that needs to be changed rather than an entire hosting environment. I don't know of a single host provider (of any significant size) who is going to make such global changes to get one app working for one customer. Even if a lot of customers jumped on the CubeCart "bandwagon", if I was a host provider I would be hesitant to make a global environment change for one application when there are other similar applications that work fine with the current environment settings.

-- Chris