AbanteCart Community
eCommerce construction => Installation and Configuration => Configuration => Topic started by: epanagio on June 11, 2012, 05:20:28 PM
-
The domain name is
randrbuyandsell dot com
we have a valid ssl installed. In System->Settings->Store URL we have https:// randrbuyandsell dot com/
In System->Settings->System we have SSL turned on. Save the settings and log off.
To be sure we clear the cache and then enter the URL randrbuyandsell dot com in chrome. I assumed that it will redirect it to https:// randrbuyandsell dot com but it doesn't.
Am I doing something wrong?
-
Where did you check SSL? I see it is working on your site.
Site stitch to SSL automatically when you login or go to registration. Only customer section and checkout pages are using SSL, not all product or catalog pages.
If you need whole site to use SSL all the time, you can can configure main URL in configuration to use HTTPS.
-
Because it didn't work I entered a redirect in apache. If you would like to test it I can remove the redirect for you to see.
"If you need whole site to use SSL all the time, you can can configure main URL in configuration to use HTTPS. " Is this the "Store URL:" ? I had it set to "https://randrbuyandsell.com/" and that didn't work either.
Let me know if you would like me to remove the redirect.
Thanks, Evan
-
I just tested this on my install and setting for SSL ON does work correctly.
Please remove the redirect and have setting for SSL ON in the admin -> settings.
-
Yes. You are correct. It does work correctly. I didn't understand that the ssl takes over only in certain areas. I thought that the whole entire site would have been under ssl.
THANKS!
-
The recommended approach to using SSL is that once the visitor enters a secure state, they do not leave it unless they leave the site, or log out.
The cart would benefit from a change to this approach.
David
-
Thank you for suggestion. We will note this.
There is a concern that regular catalog pages might have NON-SSL inclusions and this will cause warnings to poup if you have SSL enabled for these pages.
-
That is quite a reasonable concern.
Another concern that should be considered with ecommerce sites is that floating back and forth from secure to insecure states can increase opportunities to hijack the session.
Its not reasonable to use content sourced from insecure servers or connections in any case. In the end, the associated risks of viral loading, phishing and other code insertion should be sufficient to push the industry into a fully secure mode. I will agree however that a good deal of thought should be applied before changing the application to meet this standard..
David
-
Excellent point about security. We will give it more thinking.
-
I have my SSL turned on and i am ready to enter my credit card information but I still do not get https in my url. Help. My site is live and unsecure.
-
Hello.
You need to turn ON SSL in your AbanteCart settings
http://docs.abantecart.com/pages/settings/details.html