rob_dewing Posted January 2, 2018 Share Posted January 2, 2018 We've installed an SSL cert on a Cubecart site. In the admin interface at Store Settings > SSL we have selected Enable SSL = Yes but the site won't change the displayed protocol in the Store URL box on the same page, if you enter https://www.ronline.com it just reverts to http://www.ronline.com when saved. However then having saved the settings, front end of the site is happily displaying HTTPS, green padlock etc. and if you try to call a front end page using HTTP it redirects to the HTTPS version. On the admin side though pages will running under HTTP without redirecting to HTTPS, which the store owner is not happy with. If I modify the URL of a displayed HTTP admin page in the browser bar to call the HTTPS version, it loads the page, and when you navigate around the admin side from that HTTPS address, the subsequent pages are all HTTPS. Equally if you navigate admin from a nonsecure HTTP page, then all pages remain HTTP. Surely it should be redirecting to HTTPS in every case? Do I simply need to add an HTTP to HTTPS redirect rule in .htaccess or is there something more fundamental going wrong? Quote Link to comment Share on other sites More sharing options...
bsmither Posted January 2, 2018 Share Posted January 2, 2018 This is normal behavior. In the distant past, selecting Enable SSL would force SSL. In some instances, this caused some problems (not necessarily because of CubeCart). From admin, log out. On the admin login screen, be sure to first click the padlock (above the Username field) so that it is locked. Then login. (According to CubeCart's demo installation, once logged in under SSL, manually changing the link to non-SSL will get you a second login page - apparently a second session. Weird.) Quote Link to comment Share on other sites More sharing options...
rob_dewing Posted January 12, 2018 Author Share Posted January 12, 2018 Thanks so much for clarifying this, it works perfectly now that I know about it. There are sometimes things about Cubecart which could be more thoroughly documented. Or maybe it's my lack of observation - I'd never noticed that the padlock is actually clickable. I thought it was just a status indicator. Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted January 13, 2018 Share Posted January 13, 2018 Simply add a directive into .htaccess to force a redirect from http to https and then all pages on front end and back end will be https Ian Quote Link to comment Share on other sites More sharing options...
rob_dewing Posted January 13, 2018 Author Share Posted January 13, 2018 Thanks. I'm getting default to HTTPS fine on the front end. But I will add a redirect line in htaccess to force it across the board I think. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.