Guest gwizard Posted December 21, 2005 Share Posted December 21, 2005 Hi, I have a shared certificate for ssl at my hosting company and trying to setup CC to use it. I have defined all the neccesary variables in admin, but I have a couple of problems. 1. When logging in, selecting product to buy and going to cart - session cookie is set to domain. The domain changes, becouse it's shared ssl and therefore when user goes to cart he is not logged in and there is no products to buy. 2. I removed the useSSL = 1 in all pages except cart?step5 (which is where it is needed most), but same thing happenes there as well. Even PUT vars dissapear :-( 3. I want to use SSL for my Credit Offline Mod that I've built, but it seems I need to change something in order for the cookie be recognized on both domains. What do I do ? Help ? :innocent: Quote Link to comment Share on other sites More sharing options...
Guest gwizard Posted December 22, 2005 Share Posted December 22, 2005 Is there noone who can help me ?! ;) Quote Link to comment Share on other sites More sharing options...
Guest timecrisis Posted December 22, 2005 Share Posted December 22, 2005 Hi All, I would be interested in more info on this too. I basically decided that I would need to get my own SSL cert as shared was going to be a config nightmare before christmas? and after christmas for that matter... Anyone? Quote Link to comment Share on other sites More sharing options...
Guest aikdo Posted December 22, 2005 Share Posted December 22, 2005 Cookies can't be writen for two domain two seporate cookies can be writen for each domain but that would take alot of work... Quote Link to comment Share on other sites More sharing options...
Guest timecrisis Posted December 22, 2005 Share Posted December 22, 2005 So, Is it safe to say that if the hosting companies shared SSL uses a different domain then it won't work with Cubecart? Quote Link to comment Share on other sites More sharing options...
Guest aikdo Posted December 22, 2005 Share Posted December 22, 2005 Not out of the box no... Cubecart is not really built for Shared SSL as they are in a sence going againt the idea of SSL in its self, SSL is ment to prove the identity of the domain owner which shared SSL doesn't do... Modification can be made and by the sound of things should be made, but they are to come... Quote Link to comment Share on other sites More sharing options...
Guest gwizard Posted December 22, 2005 Share Posted December 22, 2005 Well, actually it's pretty easy to make 2 cookies for 2 different domains. You just replicate the set_cookie in the session.inc.php and sessionStart.inc.php with different domains. Pity it doesn't work in this case as refresh needed for the cookie to kick in. Quote Link to comment Share on other sites More sharing options...
Guest dashbrookins Posted December 22, 2005 Share Posted December 22, 2005 Check some of the other threads on shared ssl with Cube Cart and you won't find much in the way of assistance. As a previous poster said I don't think Cube Cart is set up to work with Shared SSL's at all. I gave up on getting assistance. I just will be using Cube Cart for my store and Mals for the secure processing until which time I decide to get my own certificate. But when that happens I may end up using a different e-commerce solution. Hopefully a new version of Cube Cart will address this but until then it's Mals and Cube Cart for me. -Dash Quote Link to comment Share on other sites More sharing options...
Guest timecrisis Posted December 22, 2005 Share Posted December 22, 2005 Thanks, seems to be the general view shared by most people.... Quote Link to comment Share on other sites More sharing options...
Guest gwizard Posted December 22, 2005 Share Posted December 22, 2005 The most annoying thing is, in my searches on Google I did found that other shopping cart have workarounds for that. osCommerce has it. And even a nifty little bugger called mambo-phpshop which is pretty, open source but very complicated to maintain. I will look into what the others have done and try crack this on my own. Who knows, maybe at the end I will write my own e-commerce app :-) Quote Link to comment Share on other sites More sharing options...
Guest timecrisis Posted December 22, 2005 Share Posted December 22, 2005 oh oh wizardcart! Quote Link to comment Share on other sites More sharing options...
Guest eiger Posted December 22, 2005 Share Posted December 22, 2005 As per my nightmarish experience the shared solution consists in asking the network admin to add a line to your Apache configuration file which will automatically look at the remote IP address and set the environmental variable 'HTTPS' to 'on' if the request came from the shared certif address. Quote Link to comment Share on other sites More sharing options...
Guest gwizard Posted December 23, 2005 Share Posted December 23, 2005 And what would that do ?! There is no problem in activating SSL, there is a problem in keeping him that way :-) I have a setup where my dir on the server for ssl is the same as regular (after special request). Now, I have put the double cookie fix that I mentiond above and enabled SSL only for step5 in the cart (payment). Client can browse the shop freely with no ssl and when he orders something he will go to the cart, where at the step5 he will seamlessly go to SSL and forget everything about who he is and what he ordered. There is a rater simple fix to that (read in osC forums) and that is to put PHPSESSIONID in the url as GET when going to SSL. That, of course, poses security threat becouse if the client on a proxy (nice green proxy, lol) then the proxy admin can see the sessionid and impersonate as client, gaining info in him. I am pretty shure there is a better way, maybe to combine this method with some other trick. Any thoughts on that, you PHP guru's ? :D Quote Link to comment Share on other sites More sharing options...
Guest aikdo Posted December 23, 2005 Share Posted December 23, 2005 Im currently working on a double cookie post, but its not that simple, cookies are writen for many diffrent things in many diffrent area's its not just one PHPSESSION cookie, the language in use is also stored in a cookie so is the cart contents and so is alot more... My main pose is i need someone with a Shared SSL that i trust to beta test this... Quote Link to comment Share on other sites More sharing options...
Guest gwizard Posted December 23, 2005 Share Posted December 23, 2005 My main pose is i need someone with a Shared SSL that i trust to beta test this... I offer myself to be your guinnie pig Whether you trust me or not is for you to decide. Quote Link to comment Share on other sites More sharing options...
Guest aikdo Posted December 23, 2005 Share Posted December 23, 2005 Dont know you to trust you, ill have to break one of my clients Stores im afraid... Quote Link to comment Share on other sites More sharing options...
Guest timecrisis Posted December 30, 2005 Share Posted December 30, 2005 Hi All, I have just bought a SSL cert from my host. They seem to have it up as https://secure.mysite.com Is this going to cause the same problem as shared SSL? Quote Link to comment Share on other sites More sharing options...
Guest aikdo Posted December 30, 2005 Share Posted December 30, 2005 no dedicated SSL certificates will work properly aslong as you enter the correct settings... Quote Link to comment Share on other sites More sharing options...
Guest timecrisis Posted December 30, 2005 Share Posted December 30, 2005 Hi akido, So https://secure.mysite.com is a dedicated SSL cert? Thanks, the sub-domain path just worried me. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.