- Status
Just in case it happens to anyone else here's the gen.
If you uninstall 'Modsecurity' you need to restart Apache to get things back working.
If you don't want to remove 'Modsecurity' do the following:
You can fix OScommerce by editing the file 'includes/configure.php' you will see 'define('HTTPS_COOKIE_DOMAIN', 'https://yourdomain.com' remove the 's' from https and it will work again.
If you uninstall 'Modsecurity' you need to restart Apache to get things back working.
If you don't want to remove 'Modsecurity' do the following:
You can fix OScommerce by editing the file 'includes/configure.php' you will see 'define('HTTPS_COOKIE_DOMAIN', 'https://yourdomain.com' remove the 's' from https and it will work again.
Last edited:
Just to note this...cbwass said:
Removing the `s` from the `https` for secure sites will cause a certificate warning to the end user, this will not look good to the end user. You should not mix `http` into a secure site. ALL images and other includes should be called from the `https` url.
Try this:
change this:
'define('HTTPS_COOKIE_DOMAIN', 'https://yourdomain.com'
to
'define('HTTPS_COOKIE_DOMAIN', 'https://.yourdomain.com'
for both HTTPS and HTTP_COOKIE_DOMAIN defines, ie. make the domain .yourdomain.com instead of yourdomain.com.
David
change this:
'define('HTTPS_COOKIE_DOMAIN', 'https://yourdomain.com'
to
'define('HTTPS_COOKIE_DOMAIN', 'https://.yourdomain.com'
for both HTTPS and HTTP_COOKIE_DOMAIN defines, ie. make the domain .yourdomain.com instead of yourdomain.com.
David
OScommerce and modsecurity work fine. You did enable SSL in your config file...correct?
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
No - the customer doesnt want to use SSL as he doesnt have his own certificate.
BUT - there seems to be a bug which causes the images from time to time to try using HTTPS - and only in IE (not firefox).
Found a thread on it here:
http://www.oscommerce.com/community/bugs,1368/category,Installation+&+Configuration
BUT - there seems to be a bug which causes the images from time to time to try using HTTPS - and only in IE (not firefox).
Found a thread on it here:
http://www.oscommerce.com/community/bugs,1368/category,Installation+&+Configuration
Just change this line in the config to false, and to leave the SSL server blank to remove the SSL from being called.
define('ENABLE_SSL', false); // secure webserver for checkout procedure?
define('HTTPS_SERVER', '')
define('ENABLE_SSL', false); // secure webserver for checkout procedure?
define('HTTPS_SERVER', '')
Well tried that - it worked on Firefox but not IE.
So I do what we usually do when this happens - reset cpanel SSL cert and restart apache.
Fixes it for a while - then it comes back after 2months or so.
Another fix should be to use same entry for https as for http - because then IE can find the files as well..
So I do what we usually do when this happens - reset cpanel SSL cert and restart apache.
Fixes it for a while - then it comes back after 2months or so.
Another fix should be to use same entry for https as for http - because then IE can find the files as well..
I just noticed this one on one client's osCommerce installation yesterday. I went in and simply modded application_top so that it forced it to not use the SSL hostname (which is set to '' because there is no SSL hostname due to the fact all transactions are done off-site via PayPal).
I received an E-Mail from ANOTHER client using osCommerce today (again, no SSL cert, no SSL url as their checkout is done via PayPal).
It seems that it's the base= line in the HTML header output.
It's outputting as base="" (as there is no SSL url defined in the config file), so it's assuming it's in SSL mode when it's not).
IE seems to take base="" as top priority, and thus attempts to load http:///image.jpg
FireFox ignores base="" and loads the images current to the relative path of the page (http://www.domain.com/image.jpg).
As 90% of the internet still uses Internet Explorer, this is a pretty big deal.
Oh yeah, all their config files are defined as follows..
define('ENABLE_SSL', false); // secure webserver for checkout procedure?
define('HTTPS_SERVER', '')
And this is with MS1 and MS2 installations.
I received an E-Mail from ANOTHER client using osCommerce today (again, no SSL cert, no SSL url as their checkout is done via PayPal).
It seems that it's the base= line in the HTML header output.
It's outputting as base="" (as there is no SSL url defined in the config file), so it's assuming it's in SSL mode when it's not).
IE seems to take base="" as top priority, and thus attempts to load http:///image.jpg
FireFox ignores base="" and loads the images current to the relative path of the page (http://www.domain.com/image.jpg).
As 90% of the internet still uses Internet Explorer, this is a pretty big deal.
Oh yeah, all their config files are defined as follows..
define('ENABLE_SSL', false); // secure webserver for checkout procedure?
define('HTTPS_SERVER', '')
And this is with MS1 and MS2 installations.
Last edited:
Quick discovery...
echo 'getenv('HTTPS')';
returns "on" even when URL is called via http://www.domain.com/
This is what's tripping up osCommerce.
echo 'getenv('HTTPS')';
returns "on" even when URL is called via http://www.domain.com/
This is what's tripping up osCommerce.
There are a few settings that need to configured correctly for osCommerce to function as intended.
First, the cookie domain settings should not have the HTTP or HTTPS. Here is an example:
CORRECT
NOT CORRECT
The dot in front of the domain name sets the cookie scope. Thus, the cookie would be valid for www.domain.com, forum.domain.com, store.domain.com, etc.
Next, the cookie path should be set as restrictive as the store owner needs. Here is an example:
CORRECT - Assuming catalog is top level
The cookie path sets the directories UNDER the cookie domain that are allowed access to the cookie information. Thus, the least restrictive is a forward slash (every directory is allowed to read cookie data).
With respect to the $request_type variable: this code =>
...should be:
Bobby
First, the cookie domain settings should not have the HTTP or HTTPS. Here is an example:
CORRECT
PHP:
define('HTTP_COOKIE_DOMAIN', '.domain.com');
PHP:
define('HTTP_COOKIE_DOMAIN', 'http://domain.com');
or
define('HTTP_COOKIE_DOMAIN', 'http://www.domain.com');Next, the cookie path should be set as restrictive as the store owner needs. Here is an example:
CORRECT - Assuming catalog is top level
PHP:
define('HTTP_COOKIE_PATH', '/');With respect to the $request_type variable: this code =>
PHP:
// set the type of request (secure or not)
$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
PHP:
// set the type of request (secure or not)
$request_type = ($_SERVER['SERVER_PORT'] == '80') ? 'NONSSL' : 'SSL';Sometimes things change and settings that may have been incorrect yet were tolerated are no longer so. The osC config above is correct and anything else will result in erratic operation. I would start there.
PS: Bobby is an excellent resource for osC information!
PS: Bobby is an excellent resource for osC information!
He may be, as I said, I've been using it for several years myself.DavidR said:
What I'm talking about in this instance is NOT an osCommerce issue (otherwise, it wouldn't happen to over a dozen osCommerce installations overnight that have been running perfectly happily for 2-4 years.
As I determined that this is NOT an osCommerce issue, I created a separate thread for this problem.
http://forums.cpanel.net/showthread.php?t=44208
- Status
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| C | Safe to upgrade oscommerce? | Developer Experience | 4 | |
| L | OSCommerce, Agora installs fail | Developer Experience | 6 | |
| T | Server update/changed causing issues in oscommerce | Developer Experience | 5 | |
| N | Modify version oscommerce | Developer Experience | 0 | |
| M | OScommerce - Date & time | Developer Experience | 1 |