Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL Problem...


ursulab2

Recommended Posts

Dave,

 

Thanks for testing

 

I have tested the site with at least 8 computers so far. +3-4 remote people tested. One of the consultants I asked help confirmed that it's not working and it's because of the SSL patch Microsoft integrated lately. If the patch is not installed, the site works fine. I will try to report this as a bug as long as developers may take it into consideration.

 

Thanks everyone for the help. Still I can't trust the site with SSL since it only works for some people and does not work for some other. Either I will go without SSL or cancel the project :(

 

Regards,

Maeve

Link to comment
Share on other sites

I submit this as a bug. In my case it's %100 because of that SSL patch. I will see what the developers will say. Thanks again everyone. I will try to fix this 2 more days and than quit :(

 

I wish good luck to anyone having the same problem.

 

Maeve

Link to comment
Share on other sites

It definitely is not an SSL issue in my case beacuse I have SSL disabled. I have tested the shop on Windows 2000 Windows 98SE and 2 XP machines. On the 98SE and my XP machine it does not work. No info gets posted from the order_info page. On the other XP machine and the Windows 2000 machine it does work. All machines are up to date with patches too. This just makes no sense to me.

It must be the PWA conbtribution, as it is the only way to check out of my shop, but on some machines it works.

If anyone has a clue please let me know.

 

Thanks

Link to comment
Share on other sites

  • 2 weeks later...

Hi everyone,

 

Has there been any resolution on the SSL issue?

 

After I had my host install a new certificate I began to have problems logging in as a customer on my site. The problems compound if I set the entire site to SSL using https for the http server in configure.php.

 

Odd thing occurs if I use the shared certificate made available by my host: no problems occur.

 

So I think it has to do with the new certificate only.

 

Interestingly, the problem with the new certificate only appears to happen in IE. Mozilla, Netscape and Opera appear to work fine.

 

So something is occuring with the new certificate as it interacts with IE. I tried "installing the certificate" in IE using File/Properties/Certificates/Install in IE but that had no effect.

 

I think it has to do with session cache or timeouts somehow but am not sure. I think this is the case because every once in awhile, after a few minutes of inactivity (perhaps after emptying cookies and files) I am able to login through IE.

However, if I quickly logout and then back in, the error message pops up again.

 

Error: No match for E-Mail Address and/or Password.

 

Digging a little deeper into the problem it appears to matter where the cursor is on the page when the information is submitted to sign in, ... sometimes. If I fill the form and hit 'Enter' on the keyboard while using IE I get the error. If I fill the form using a form filler (Roboform) and then just click on 'Sign in' it occassionally logs right in.

 

In either case if I get the error and then hit refresh, I find myself in my account -

as if the login had worked and that the error was reported incorrectly.

 

It almost sounds like the new certificate may be encoding things in such a way as to cause problems for IE, such that it is misidentifying information upon submission. Refreshing may be clearing the problem and allowing login to proceed.

 

As I have said this is not an issue for me in other browsers.

Regards,

John

 

"There is nothing like a little successful tinkering to bring out the looney mad scientist in all of us. Brohoohoohoooohaahaahaaahahaaaaaaaaaa!"

Link to comment
Share on other sites

Hi sam6,

 

Are you referring to the cookie path or domain?

 

You say 'cookie path' in your statement but show domain in your list.

Regards,

John

 

"There is nothing like a little successful tinkering to bring out the looney mad scientist in all of us. Brohoohoohoooohaahaahaaahahaaaaaaaaaa!"

Link to comment
Share on other sites

sorry

 

define('HTTP_SERVER', 'http://www.you.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.you.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.you.com');

define('HTTPS_COOKIE_DOMAIN', 'www.you.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Link to comment
Share on other sites

Sam,

 

Those are the settings I am already using.

 

As I said, this is only a problem in IE, particularly IE 6. Other browsers don't seem to suffer the same problem.

 

Also, my settings work fine with the shared certificate but not the dedicated one I purchased.

 

Thanks for the input.

Regards,

John

 

"There is nothing like a little successful tinkering to bring out the looney mad scientist in all of us. Brohoohoohoooohaahaahaaahahaaaaaaaaaa!"

Link to comment
Share on other sites

i wonder if all your problems are due to the cookie path

 

http_server', 'https://www.you.com"

https_server', ' https://www.you.com"

http_cookie_domain', '/'

https_cookie_domain', '/'

 

this is how i have them set all is well

I think this set-up is the best.

 

Set both the http and the https cookie domains to '/'

 

This is something I let slide while I was working on other things and I'd often get the session ID in the URL for some time till the system "adjusted" then it would go away. I always meant to try this way, I just now did and it's better.

 

I just changed the cookie domains to simply '/' and the session ID has disappeared.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

I tried it.

 

End result: no effect.

Regards,

John

 

"There is nothing like a little successful tinkering to bring out the looney mad scientist in all of us. Brohoohoohoooohaahaahaaahahaaaaaaaaaa!"

Link to comment
Share on other sites

My problem with SSL has been resolved.

 

The problem is with Internet Explorer 6 and as others have noted particularly with the KB832894 patch.

 

Microsoft was aware of the issue and has issued a fix for the problem. It does not come up if you go to windows updates because it has not yet been added to a general security update event.

 

You can obtain the fix by searching Microsofts site for information on the patch named above or by using the following link:

 

http://support.microsoft.com/default.aspx?kbid=831167

Regards,

John

 

"There is nothing like a little successful tinkering to bring out the looney mad scientist in all of us. Brohoohoohoooohaahaahaaahahaaaaaaaaaa!"

Link to comment
Share on other sites

Hello all,

 

I have the same ssl problum replicated on my installation at devl.newindo.com. I think I know the problum but don't know how to solve it.

 

my http server : http://devl.newindo.com

my https server : https://ipowerweb.com

 

Now the issue,

 

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/~newindoc/web-cartv2/catalog/');

 

The problum comes when I try to access ssl, it takes the DIR_WS_HTTP_CATALOG value instead of taking the correct DIR_WS_HTTPS_CATALOG value.

 

Can some please tell me how to rectify this.

 

SSD

Link to comment
Share on other sites

For both the http and https catalog settings I have '/'. I should say that I have all my catalog files in the root so that the catalog reference does not appear in any of my urls.

 

My SSL is working fine. Here is an example of my settings at the top of the includes/configure.php file:

 

define('HTTP_SERVER', 'http://www.mydomain.com');

define('HTTPS_SERVER', 'https://www.mydomain.com');

define('ENABLE_SSL', 'true');

define('HTTP_COOKIE_DOMAIN', 'http://www.mydomain.com');

define('HTTPS_COOKIE_DOMAIN', 'https://www.mydomain.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

 

I have a dedicated SSL certificate for my domain. If I was using a shared certificate, as I did when I was testing the site, the only differences would be in the HTTP_SERVER and HTTPS_COOKIE_DOMAIN settings. These would have absolute urls like those above except they would point to a page via a secured server that my host provides.

 

For my host (ipowerweb as well), they would look something like this:

 

define('HTTPS_COOKIE_DOMAIN', 'https://host###.hostname.com/~username/');

 

In your case hostname is ipowerweb. host ### is 'host' plus the number of the server that ipowerweb emailed you originally. Check the registration emails they sent you if you don't already know it. Your username is ~newindoc.

 

 

 

So, try to match these settings for your server.

For your 'DIR_WS_HTTPS_CATALOG' settings I would try something like this:

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

If it really is in a sub, subdirectory as you have it make sure that your settings reflect that where appropriate. However, you have to realize that file locations will be appended to the absolute urls listed in the configure.php file. If all files will have a certain portion of the url in common (as I have listed above) that is the piece that needs to be in the config file.

Regards,

John

 

"There is nothing like a little successful tinkering to bring out the looney mad scientist in all of us. Brohoohoohoooohaahaahaaahahaaaaaaaaaa!"

Link to comment
Share on other sites

For both the http and https catalog settings I have '/'. I should say that I have all my catalog files in the root so that the catalog reference does not appear in any of my urls.

 

My SSL is working fine. Here is an example of my settings at the top of the includes/configure.php file:

 

define('HTTP_SERVER', 'http://www.mydomain.com');

define('HTTPS_SERVER', 'https://www.mydomain.com');

define('ENABLE_SSL', 'true');

define('HTTP_COOKIE_DOMAIN', 'http://www.mydomain.com');

define('HTTPS_COOKIE_DOMAIN', 'https://www.mydomain.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

 

I have a dedicated SSL certificate for my domain. If I was using a shared certificate, as I did when I was testing the site, the only differences would be in the HTTP_SERVER and HTTPS_COOKIE_DOMAIN settings. These would have absolute urls like those above except they would point to a page via a secured server that my host provides.

 

For my host (ipowerweb as well), they would look something like this:

 

define('HTTPS_COOKIE_DOMAIN', 'https://host###.hostname.com/~username/');

 

In your case hostname is ipowerweb. host ### is 'host' plus the number of the server that ipowerweb emailed you originally. Check the registration emails they sent you if you don't already know it. Your username is ~newindoc.

 

 

 

So, try to match these settings for your server.

For your 'DIR_WS_HTTPS_CATALOG' settings I would try something like this:

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

If it really is in a sub, subdirectory as you have it make sure that your settings reflect that where appropriate. However, you have to realize that file locations will be appended to the absolute urls listed in the configure.php file. If all files will have a certain portion of the url in common (as I have listed above) that is the piece that needs to be in the config file.

Thanks a ton, I got the jist of your suggestion and it's working liske a dream,

 

What I have done is to make both

 

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

 

and

 

define('HTTP_SERVER', 'http://store.newindo.com');

define('HTTPS_SERVER', 'https://hostxxx.ipowerweb.com/~newindoweb-cartv2/catalog/');

 

This imply bypasses the { define('DIR_WS_HTTP_CATALOG', '/'); & define('DIR_WS_HTTPS_CATALOG', '/'); } as they now refer to root dir.

 

Thanks again .

 

SSD

Link to comment
Share on other sites

url: www.equalairus.com

 

I am having the same issue. I've been killing myself over this for a few weeks and just decided recently that it was probably an SSL issue. I've not tried to disable SSL yet, but will in a minute. Same unpredictability here though. Some machines work fine, some do not....

 

Problems are showing up:

1-while logging in as a current user

2-while registering as a new user

3-while editing account information

4-while checking out

 

Basically, form submissions are not occurring properly. A screen refresh will display the completed form properly- re-submitting the form will cause it to return blank again...

 

:(

 

Any help at all would be great!

 

Dan Wrubel

Link to comment
Share on other sites

  • 1 month later...
url: www.equalairus.com

 

I am having the same issue. I've been killing myself over this for a few weeks and just decided recently that it was probably an SSL issue. I've not tried to disable SSL yet, but will in a minute. Same unpredictability here though. Some machines work fine, some do not....

 

Problems are showing up:

1-while logging in as a current user

2-while registering as a new user

3-while editing account information

4-while checking out

 

Basically, form submissions are not occurring properly. A screen refresh will display the completed form properly- re-submitting the form will cause it to return blank again...

 

:(

 

Any help at all would be great!

 

Dan Wrubel

Yea it looks like this fixed my problem which is exactly like you describe here:

 

see the post:

 

http://www.oscommerce.com/forums/index.php?sho...ndpost&p=356107

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...