That's a good question. I'm not sure what is the right answer to your question. I'll do some investigation and get back to you if I find an answer. You should email the people at iPage as they probably could give you help..
All of the checkout pages are secure with https and the lock at the bottom. I think you're right though that it's not working properly. What should my admin settings be for sessions? This is what I have right now:.
Session Directory /tmp.
Force Cookie Use False.
Check SSL Session ID False.
Check User Agent False.
Check IP Address False.
Prevent Spider Sessions True.
Recreate Session False.
If I turn force cookies to true, I get an alert page that my browser isn't accepting cookies which isn't true.....
Thanks for the help!..
You need to create your own session directory in your document root path, the one currently set is just there as an example, you most likely do not have access to the root like that. same with the path in logging which points to /tmp.
For a shared ssl using an alias, and forcing cookies I have found does give an error..
Ok...you lost me...what do I need to do? Are my settings mostly correct or what do I specifically need to do? I'm not a techie lol! Should I leave my force cookies at false? I've also noticed that now that I've added ssl that session ids are not being created unless someone logs into their account...
Ok...so I just make a new file basically in the root for the session directory and then change it in admin to go to that directory?.
What about the rest of my session settings? Are they correct? Is there a way to force cookies and get it to work with a shared ssl?? Now that I've added ssl, sessions are not being created unless the customer logs in to their account. If they're browsing the iPage site as a guest, no session is created at all. It use to create sessions for everyone but the bots no matter if they were logged in or not..
I have fixed my admin problem, but I still have a few issues...any help is much appreciated! The last few problems are:.
1. Session IDs are not being created until someone logs into their account. It use to be that a session ID was created just by accessing the site. Once someone logs in, a sesssion id is created..
2. My create_account.php page is not secured by ssl for some reason. All other pages that I would expect to be secured are secured except this one..
3. If I turn force cookies to true, I get a security message on my iPage site saying my browser doesn't accept cookies...which, of course, it does. Do I even need the cookies? It seems that everything saves to the cart ok...even if I log off and back in..
Thanks for the help!..
If you want to make sure that all of your osCommerce 'admin' is protected by ssl then drop this into a .htaccess file in your osCommerce 'admin' directory.
This file pathway is for a iPage site with a full ssl cert. For a shared cert alter the file pathway appropriately..
As I mentioned, I've fixed the admin part...I need help with the other three issues....do you have any idea how I fix those?..
I have been able to get my shared ssl working correctly on my shopping cart (I think anyway!) but I do have one question. My checkout is secured but when a new customer registers, that page with all their personal information is not secured....should it be? If so, how do I get that page secured?.
I haven't been able to get it working on my admin though. I put the same https url in but I still get the message that admin is not secure..
Any help is much appreciated!.
If ssl is working properly, when a customer goes to register, view their account info, checkout, those pages should be ssl automatically.
For the admin, the top line needs to be https, not http, read at the end of the line, it says http or https..