Jump to content

SSL and Shared Certificate

Guest gwizard

By Guest gwizard
in Technical Help

 Share

Recommended Posts

Guest gwizard

Guest gwizard

Posted
Posted

Hi,

I have a shared certificate for ssl at my hosting company and trying to setup CC to use it.

I have defined all the neccesary variables in admin, but I have a couple of problems.

1. When logging in, selecting product to buy and going to cart - session cookie is set to domain. The domain changes, becouse it's shared ssl and therefore when user goes to cart he is not logged in and there is no products to buy.

2. I removed the useSSL = 1 in all pages except cart?step5 (which is where it is needed most), but same thing happenes there as well. Even PUT vars dissapear :-(

3. I want to use SSL for my Credit Offline Mod that I've built, but it seems I need to change something in order for the cookie be recognized on both domains. What do I do ?

Help ? :innocent:

Link to comment
Share on other sites

Guest timecrisis

Guest timecrisis

Posted
Posted

Hi All,

I would be interested in more info on this too.

I basically decided that I would need to get my own SSL cert as shared was going to be a config nightmare before christmas?

and after christmas for that matter...

Anyone?

Link to comment
Share on other sites
Guest aikdo

Guest aikdo

Posted
Posted

Not out of the box no... Cubecart is not really built for Shared SSL as they are in a sence going againt the idea of SSL in its self, SSL is ment to prove the identity of the domain owner which shared SSL doesn't do...

Modification can be made and by the sound of things should be made, but they are to come...

Link to comment
Share on other sites
Guest gwizard

Guest gwizard

Posted
Posted

Well, actually it's pretty easy to make 2 cookies for 2 different domains.

You just replicate the set_cookie in the session.inc.php and sessionStart.inc.php with different domains.

Pity it doesn't work in this case as refresh needed for the cookie to kick in.

Link to comment
Share on other sites
Guest dashbrookins

Guest dashbrookins

Posted
Posted

Check some of the other threads on shared ssl with Cube Cart and you won't find much in the way of assistance. As a previous poster said I don't think Cube Cart is set up to work with Shared SSL's at all. I gave up on getting assistance. I just will be using Cube Cart for my store and Mals for the secure processing until which time I decide to get my own certificate. But when that happens I may end up using a different e-commerce solution. Hopefully a new version of Cube Cart will address this but until then it's Mals and Cube Cart for me.

-Dash

Link to comment
Share on other sites
Guest gwizard

Guest gwizard

Posted
Posted

The most annoying thing is, in my searches on Google I did found that other shopping cart have workarounds for that. osCommerce has it. And even a nifty little bugger called mambo-phpshop which is pretty, open source but very complicated to maintain. I will look into what the others have done and try crack this on my own.

Who knows, maybe at the end I will write my own e-commerce app :-)

Link to comment
Share on other sites
Guest eiger

Guest eiger

Posted
Posted

As per my nightmarish experience

the shared solution consists in asking the network admin to add a line to your Apache configuration

file which will automatically look at the remote IP address and set the environmental variable 'HTTPS' to 'on' if the request came from the shared certif address.

Link to comment
Share on other sites
Guest gwizard

Guest gwizard

Posted
Posted

And what would that do ?!

There is no problem in activating SSL, there is a problem in keeping him that way :-)

I have a setup where my dir on the server for ssl is the same as regular (after special request).

Now, I have put the double cookie fix that I mentiond above and enabled SSL only for step5 in the cart (payment).

Client can browse the shop freely with no ssl and when he orders something he will go to the cart, where at the step5 he will seamlessly go to SSL and forget everything about who he is and what he ordered.

There is a rater simple fix to that (read in osC forums) and that is to put PHPSESSIONID in the url as GET when going to SSL. That, of course, poses security threat becouse if the client on a proxy (nice green proxy, lol) then the proxy admin can see the sessionid and impersonate as client, gaining info in him.

I am pretty shure there is a better way, maybe to combine this method with some other trick.

Any thoughts on that, you PHP guru's ? :D

Link to comment
Share on other sites
Guest aikdo

Guest aikdo

Posted
Posted

Im currently working on a double cookie post, but its not that simple, cookies are writen for many diffrent things in many diffrent area's its not just one PHPSESSION cookie, the language in use is also stored in a cookie so is the cart contents and so is alot more... My main pose is i need someone with a Shared SSL that i trust to beta test this...

Link to comment
Share on other sites
Guest gwizard

Guest gwizard

Posted
Posted

My main pose is i need someone with a Shared SSL that i trust to beta test this...

I offer myself to be your guinnie pig :D

Whether you trust me or not is for you to decide.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...