Problems with SSL

Started by sscheidegger, February 10, 2012, 16:17:02 PM


sscheidegger

Hi

I'm facing problems when using the force SSL option in VM. I tested with J1.7.3 and VM2.0.0 as well as J 2.5.1 and VM2.0.1E. I found that all my cart content gets lost when changing from http to https. So a standard customer might face the following:
- Visits my website in http
- Goes to the shop and adds a product to the basket (still http)
- Clicks on "Show cart" in the cart module
- Ends up in the cart in https and sees an empty cart!

Btw I also noticed that the link to the cart in the facebox is http and in the module it's https!

Greets,
Stefan

PRO

sscheidegger

An SSL certificate is installed on either the www or the non-www.

A "session" which stores the cart is ONLY stored on one or the other.

So if you add products to cart when you are non-www, and you go to https and it changes to www, you are left empty.

Is that what's happening?

You need to redirect to the correct one.

sscheidegger

I'm new to https, so I wasn't sure if it is possible to keep a session when changing from http to https. Yes, this is what seems to happen!

But then, what is the option "Enable SSL for sensible areas (recommended)" good for? Either VM knows a way to keep the session data when changing from http to https or then there should be an option "Enable SSL for the whole VM Shop". Or am I missing something?

PRO

sscheidegger, it works on mine.

post your url

sscheidegger

@BanquetTables.pro:

Could you tell me on which versions of J and VM it works for you? I'd like to set up a clean installation to test this again...

Thanks a lot!


sscheidegger

I still have this problem with VM202 and J251. Apparently others don't have this problem, so it might be a server related issue.

I'm running a Debian server with apache2. For using SSL I just activated the ready default-ssl in Apache's sites-available. And SSL seems to work on Joomla, Joomla backend and also on VirtueMart as long as I don't switch from http to https during the checkout procedure...

So what do I need to configure on my server in order to enable VM to keep my cart and other data when switching from http to https?

sscheidegger

Hi all,

I finally solved this issue. After I fixed all incorrect configurations of my certificate, the problem was still there. So I investigated more and found that Suhosin was responsible for the problem, which seems to be enabled by default on Debian Linux systems. Suhosin encrypts the session which prevented VM from keeping the information on changing to https.

Deactivating Suhosin session encryption solved the problem:
In suhosin.ini: suhosin.session.encrypt=off

Regards,
Stefan
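
Added example, not part of the thread: a shell check that reports what a Suhosin ini file sets for session encryption, so the current state is visible before changing `suhosin.session.encrypt`. The function names are hypothetical; `suhosin.session.cryptkey`, `cryptua`, `cryptdocroot` and `cryptraddr` are Suhosin directives the thread does not mention, which control what the session key is derived from.

```shell
#!/bin/sh
# Added example: list Suhosin session-encryption directives set in an ini file.
SUHOSIN_KEYS="suhosin.session.encrypt suhosin.session.cryptkey suhosin.session.cryptua suhosin.session.cryptdocroot suhosin.session.cryptraddr"

# Print "directive=value" per directive. "unset" means the file does not set it,
# so the compiled-in default applies. The last assignment in the file wins.
suhosin_session_settings() {
    ini_file=$1
    if [ ! -r "$ini_file" ]; then
        echo "cannot read $ini_file" >&2
        return 2
    fi
    for key in $SUHOSIN_KEYS; do
        value=$(awk -v want="$key" '
            BEGIN { found = "unset" }
            /^[ \t]*[;#]/ { next }                 # whole-line comment
            {
                line = $0
                sub(/[ \t]*;.*$/, "", line)        # trailing ; comment
                eq = index(line, "=")
                if (eq == 0) next
                name = substr(line, 1, eq - 1)
                val  = substr(line, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", name)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                gsub(/^"|"$/, "", val)             # strip surrounding quotes
                if (name == want) found = val
            }
            END { print found }
        ' "$ini_file")
        # Never echo the secret key itself, only whether one is configured.
        if [ "$key" = "suhosin.session.cryptkey" ] && [ "$value" != "unset" ]; then
            value="(set)"
        fi
        printf '%s=%s\n' "$key" "$value"
    done
}

# Exit 0 when session encryption is on or unset in the file. Unset is treated
# as active, matching the thread's report that it was enabled by default.
suhosin_session_encrypt_active() {
    v=$(suhosin_session_settings "$1" | sed -n 's/^suhosin\.session\.encrypt=//p' | tr 'A-Z' 'a-z')
    case $v in
        off|0|false|no) return 1 ;;
        *) return 0 ;;
    esac
}
```

Run `suhosin_session_settings` against the suhosin.ini that PHP actually loads; the path differs between installations.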