Jump to content

Forced SSL Sitemap with http:// url's


Dirty Butter

Recommended Posts

I finally applied our SSL certificate today, and was pleased to see that it worked. I was advised on PayPal that my logos used with their site should be in secure folders, and received the same advice from Comodo about their Site Certificate icon.

 

I decided to force SSL, and was very pleased with the site so far.

 

But an odd thing happened in the Sitemap.

<loc>http://dirtybutter.com/plushcatalog/index.php</loc>
  <lastmod>2013-11-02T15:43:33-05:00</lastmod>
 </url>
 <url>
  <loc>http://dirtybutter.com/plushcatalog/index.php?_a=saleitems</loc>
  <lastmod>2013-11-02T15:43:33-05:00</lastmod>
 </url>
 <url>
  <loc>http://dirtybutter.com/plushcatalog/index.php?_a=certificates</loc>
  <lastmod>2013-11-02T15:43:33-05:00</lastmod>

 

PS to Al:

 

I understand why you don't allow small words in Search, but common terms like SSL should somehow be allowed.

Link to comment
Share on other sites

I was very pleased to see that adding this redirect to my htaccess has worked to make our old http addresses automatically change to https! Posting here, since I can't find an appropriate SSL post to see if it's already been discussed elsewhere:

RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Link to comment
Share on other sites

Any particular reason why you want to force SSL on every page ? Little or no benefit and makes the whole site noticeably slower which affects customer usage and also your Google rankings.

As far as 3 letter searches, this is actually a restriction of standard MySQL configuration - it can be changed at a server level but can put a lot more stress on the MySQL server so unless you run on your own server (when you still need to determine whether the benefit outweighs the extra load) it is unlikely that your hosting company will make this change

Thanks

Ian

Link to comment
Share on other sites

I'll do some testing on the speed, but as I said - as a customer without forced SSL- if I clicked on a secure page and then clicked on the HOME link in the documents bar at the top of our plush animal shoppe - I saw the header, footer, and sidebars and a blank center. If I clicked on Home in the Category box, I was correctly taken to the homepage.

 

Any idea why the sitemap for the forced SSL site did not have https for the homepage, sales items, and certificates???

 

On the SSL Search request to Al, I was speaking of the forum here. We don't have the Google Search option on this forum, so it's basically impossible to find information about SSL on previous posts. If there's no way to have a list of words that could be an exception - maybe there should be a Forum Section for SSL discussions.

 

There may be other terms that would benefit from such search help, but I can't think of any offhand.

Link to comment
Share on other sites

SSL inurl:forums.cubecart.com works on Yahoo, too! I wish I'd known about this way of searching a long time ago. Thanks, as always, Bsmither. I've never been in the habit of tagging, but I see its importance and will try to do better.

 

Now, still no thoughts on the odd behavior of the Document HOME link vs the Category/Breadcrumb Home link when NOT on forced SSL?? And the odd Sitemap behavior of those url's that did not get https when SSL was forced?

Link to comment
Share on other sites

"The odd Sitemap behavior of those url's that did not get https when SSL was forced?"

 

There is code in the SEO->sitemap() function that says to use the non-SSL (non-HTTPS) store address, regardless of the current protocol being used (as in, for the admin login, the admin screens are under SSL).

 

Why do you believe that forcing SSL for all pages is a necessary thing? Specifically, why do you believe sending Product, Category, and Document pages using SSL is necessary?

Link to comment
Share on other sites

Your Plush Animals shop is using a third-party skin, and while I am confident that fact has no bearing on the issue, I would actually like to verify the behavior with a stock skin. (Your Estates store URL isn't in your Profile.)

 

But either HOME link takes me from the Login page to a fully populated Homepage. (Unless you just now switched from some SSL pages to all SSL pages.)

Link to comment
Share on other sites

Well, first off - because I ran into trouble with what happened clicking around on our site.

 

Secondly, we're a very small business selling what many normally buy on eBay. I know my own attitude as an online customer on an unfamiliar site - I really LIKE seeing that padlock on all the pages of the site. I have a sense that many of our potential customers feel the same way.


I can't test on the estates shop for SSL, as that's a different domain. I haven't been able to get urls in my sig since dropping being a Moderator. I've asked for help on that a couple of times, with no luck so far.

 

So it works on a stock skin? Then I'll put in a support ticket with ShopDev. But I may decide to stay with the forced, anyway. I did a speed test with and without, and found almost no difference. We have Turbo installed, which may be why our site worked out that way.


 

But either HOME link takes me from the Login page to a fully populated Homepage. (Unless you just now switched from some SSL pages to all SSL pages.)

I WAS switching back and forth between forced and not forced just now, as I was comparing speeds.

Link to comment
Share on other sites

Odd behavior to say the least for me. When I clicked on Storefront Status link from Admin - I get header and sidebars, but no middle.

 

Debug results:

 

[Notice] /home3/butter01/public_html/plushcatalog/classes/ssl.class.php:148 - Undefined index: _g
[Notice] /home3/butter01/public_html/plushcatalog/classes/ssl.class.php:148 - Undefined index: _g
[Notice] /home3/butter01/public_html/plushcatalog/classes/ssl.class.php:174 - Undefined index: _g

[Notice] /home3/butter01/public_html/plushcatalog/classes/seo.class.php:194 - Undefined index: path
[Notice] /home3/butter01/public_html/plushcatalog/index_enc_ion.php:7 - Undefined property: GUI::$disableJS

 

Then I clicked on Document Home - Debug notices did not change, but Latest Products shows. Closed site, opened again from Admin, again products missing. Clicked on Category Home - products showed.

 

Then tested for secure back to Home situation by clicking on logo:

 

Same thing that happened with Fusion skin - no products.

 

http - //dirtybutter.com/plushcatalog/plushcatalog/index.php?PHPSESSID=55cc9961e064954e5fb7ce548f412091 (proper http: removed so it would all show)


So I'm going back to my skin with forced SSL at least for now.

Link to comment
Share on other sites

Good to know the Debug notices were not important. So any suggestions about how to get from a secure page back to home consistently on a non-forced SSL? What's causing the sessionid to be appended to the http url that way when going to home from the registration page when SSL is not forced?.

Link to comment
Share on other sites

I just installed a "self-signed" certificate on my local server. So, I will try to replicate your problem, shortly.

 

I'm not completely clear why PHP (or, could be the web server, I don't know) uses the querystring part of the URL to pass along the session id (which otherwise is a cookie).

Link to comment
Share on other sites

If I refresh the page, the session id disappears, and the page loads normally, with products showing. Maybe that's a clue, and maybe not. But no customer would do that, or should have to, to make the site work properly. I appreciate your time working on this, as I do realize having all pages secure is shooting at a gnat with a cannon.

 

I would prefer my decision be based on my intuition about our customers, not because forcing is the only way to get the site to work properly.

Link to comment
Share on other sites

Well, I gave up on forcing SSL on all the pages. I was inclined to do it, because I thought our customers would be more comfortable buying from us. But, as it turns out, I'm having more trouble getting Google to index the site and create Data Highlighting with it set that way. That negates any positive, as without Google Search our potential customers would never know we were there.

 

Anyway, on further inspection, I've realized the issue is that after being on a secure page, ALL the Documents have a url of https, but they should be http. Click on the Category Home and then all is as it should be. We've already tried my kurouto skin, with the same results, so I need help finding where the problem is with my setup.

Link to comment
Share on other sites

My impression at this point with the code is that when CubeCart is constructing the URLs (making them SEO-type or not), the URLs are all constructed the same way, using the same protocol. That is, even though CubeCart has a list of pages that always need to be delivered by SSL, that list is not examined during the URL constructing process.

 

So, when viewing an SSL page, all the links will have HTTPS. When CubeCart receives a request for a page, and the request came in with HTTPS, if that page is not in the list of SSL-required pages (and Force SSL is off), CubeCart will send a 302 redirect to the browser to re-request the page using HTTP. (It is at this point where somebody -- PHP or CubeCart or your browser -- adds the PHPSESSID to the querystring).

 

This does not explain why CubeCart loses, or gets confused, on what it is supposed to show in the "main" content area.

Link to comment
Share on other sites

I agree that just "showing" the https url on hover while I'm still on Register is not as disturbing as I thought last night. I noticed that the url on our Special Occasion Chirstmas section in the right sidebar ALSO shows https while I am on the Register page, BUT on clicking it correctly sends me to the http page of Christmas items.

<a href="{$STORE_URL}/christmas-plush.html" title="Christmas">
	  <img src="{$STORE_URL}/images/source/nativity.jpg" width="100" alt="Christmas Plush" />
	</a>

Documents and the RSS feed links do NOT resolve to http, however.

 

I have sent this issue to ShopDev, just in case it is somehow skin, Turbo, or Fusion related.

Link to comment
Share on other sites

I have discovered that going back to unforced SSL isn't that obvious. The Google Export still shows https on the current feed, as does the current Sitemap, even though I've deleted all cache and rebuilt Sitemap.

 

Oh dear me! Is this the way it should be? I am so totally confused, and I apologize that this thread has been so confusing, too, thanks to all my attempted twists and turns.

Link to comment
Share on other sites

MY plushcatalog sitemap.xml.gz is in /plushcatalog. It does not end up at dirtybutter.com.

 

I FTP the plushcatalog sitemap.xml.gz to my computer, then extract the plushcatalog sitemap, and then copy the xml file back into /plushcatalog. I have pointed Google to that sitemap.xml for plushcatalog. (I do the extra steps so I can create the proper sitemap at dirtybutter.com - see below)

 

I then copy/paste the contents of the xml version of the plushcatalog sitemap into the dirtybutter root sitemap.xml file, which contains additional page urls to other dirtybutter.com pages. Google makes you jump through hoops to get everything where THEY want it, and I'm about ready to stop even trying to please them!

 

BUT I DO need to get rid of that Session ID appended to the url on HOME, and also I've discovered on the RSS feed. All other url's seem to be OK. But I'm still concerned about the Sitemap Rebuild, which creates https urls for products. I am NOT forcing SSL. Both HOME and the RSS icon url's begin with <a href="{$STORE_URL}/ .

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...