SSL not working - HTTPS on pages after checkout

Started by tmdonovan, June 07, 2013, 17:11:03 PM

Previous topic - Next topic

tmdonovan

Hi, I am having 2 problems with SSL, and one question.
Joomla 2.5.11
VM 2.0.21b
VM/Configuration/shop - Enable SSL for sensitive areas (recommended) is checked

Problem 1) once you go into an HTTPS cart page, every other subsequent page - secure or not - is set to SSL.  Even closing the browser window and opening a new one sets all pages to HTTPS.  I have to clear the Joomla cache in ordeer to be able to use the website non-secure pages without HTTPS.
Problem 2) once you go into an HTTPS cart page and leave (e.g. to continue shopping), add to cart functions no longer work and you can no longer return to the cart.

Question 1) checkout page 1 (e.g. index.php/component/virtuemart/cart?Itemid=0) is not HTTPS but maybe it should be because you can login on that page; password needs to be secure.  I notice that the Login button goes to an HTTPS page, just want confirmation that passwords are never sent decrypted across the internet.

I have seen other forum entries for Problems 1 and 2, but no solution. 

Please Help!!

jjk

Non-English Shops: Are your language files up to date?
http://virtuemart.net/community/translations

tmdonovan

SSL enabled on your server? Yes
Joomla menu items pointing to pages which should be https set to 'Secure' = "On" in their 'Metadata options'? No Joomla menu items point to secure pages
'Force SSL' in Joomla Global Configuration set to "None"? Yes
In VirtueMart configuration 'Enable SSL for sensitive areas (recommended)' enabled? Yes

We are using Authorize.net as the payment gateway, with native VM Authorize.net integration.

Problems still exist.

jjk

Quote from: tmdonovan on June 10, 2013, 12:57:31 PM
No Joomla menu items point to secure pages
Usually you would add something like a 'Customer Menu' with Joomla menu items like:
View Cart - Menu item type = Shopping Cart
View your order history - Menu item type = List Orders
Your customer account - Menu item type = Account Maintenance

If you don't want to display such menu items, you can try to create them in a hidden menu. I suppose this will help Joomla to switch out of https again.

In my own shop (where switching to/from https works perfectly) I've set my 'Customer Menu' items in the 'Menu Item' > 'Metadata Options' to:

Robots: No index, no follow
Secure: On

For the login form I use the standard Joomla login module, which can be set to 'encrypt' (switches to https when enabled).
Note that you can limit the display of modules to certain pages, if required.

Once the customer added a product into the cart (https), VM stays in https when the customer clicks on 'Continue shopping'.  In my case I don't have a problem adding more products to the cart while in https.

One additional note: Joomla Cache should be set to 'disabled' when using VM.
Non-English Shops: Are your language files up to date?
http://virtuemart.net/community/translations

tmdonovan

I added a new joomla hidden menu item View Cart type VirtueMart Shopping Cart with Secure=On.  No change.

I discovered today that you don't have to go to the cart and checkout for the problem to arise.  Today I added a product to the cart, and logged in on the View Cart page.  On initial display, the View Cart did not display HTTPS (though it was set to Secure on the joomla menu).  Once I logged in, the View Cart page was HTTPS.  I then clicked the Continue Shopping button to go to the product page which now had HTTPS turned on as well.  At this point I tried to add a product to the cart but it failed - the Add to Cart showed a timer but I did not get the Add to Cart popup page.

So it seems that once you reach a page that legitimately has HTTPS, all pages after that are HTTPS (whether or not they should be), but if you leave the VM cart pages, the VM cart pages no longer work.

tmdonovan

Hi, it looks like a number of other VM2 users are running into the same problem, enough that PRO wrote a plugin for proper redirection - see http://forum.virtuemart.net/index.php?topic=103554.0.  Unfortunately, this plugin does not work with SEF which means it will not meet my client's requirements.  It seems like this is a bug in VM2 and should be handled as such and given a high priority for correction - shopping carts need to work with SSL properly.

jjk

The plugin by PRO already is more than one year old. A lot has been changed since then. It works on my site with J2.5.11 and VM2.0.20b (stable). You can check it if you follow this link:
http://forum.virtuemart.net/index.php?topic=110005.0
Version 2.0.21b is a 'developer's version' that shouldn't be used for a live shop.
Do you have a link to your problem site?
Non-English Shops: Are your language files up to date?
http://virtuemart.net/community/translations

tmdonovan

We are not yet live, still trying to resolve VM SSL problem.  I see your demo site works, I was thinking my problem might be template-related, so I switched the template to BEEZ20 but am still getting the problem.  Does your demo site have SEF turned on or off?  (That's my next area to test.)  I can email you a link to our site if SEF testing still shows the same problem.

jjk

Quote from: tmdonovan on June 10, 2013, 17:00:22 PM
I see your demo site works...
That's my live shop, with SSL and SEF turned on. You should have noticed the SEF urls  ;)

Non-English Shops: Are your language files up to date?
http://virtuemart.net/community/translations

tmdonovan

Hi, thanks for your help.  It turns out that PRO's suggested template changes worked for me and corrected the SSL problems.  This issue is now resolved.