Rank: Member
Joined: 7/13/2010(UTC) Posts: 22
|
On our site we're experiencing an issue where our customers are not always being redirected to an https page on check out. SSL is set up and working properly in the Options of the site, however the majority of our customers are not being redirected to the https page.
Any thoughts on what may be causing this issue?
Thanks, Jeremy
|
|
|
|
Rank: Member
Joined: 11/25/2003(UTC) Posts: 370
|
Never seen this happen before if setup in Admin to use SSL. What version you running? |
|
|
|
|
Rank: Member
Joined: 7/13/2010(UTC) Posts: 22
|
Version 5.7.3 with the Sports Shop theme. You can check it out at TeamTeeShop.com. Add a product to the cart and hit Checkout. Edit: added screenshot of Security screen. Sorry for being dense but where within the code do you even see that the page is being redirected to https? I'm completely new to asp so this code doesn't make much sense to me just yet. JTR0013 attached the following image(s): security.png (9kb) downloaded 42 time(s).You cannot view/download attachments. Try to login or register.
|
|
|
|
Rank: Member
Joined: 9/19/2010(UTC) Posts: 104
|
I tried your checkout page, https://teamteeshop.com/checkout/checkout.aspx. I then tried changing the HTTPS to HTTP, i.e. http://teamteeshop.com/checkout/checkout.aspx. It redirected to HTTPS properly for me when using all of my browsers - Google Chrome, Mozilla FireFox and MSIE8. Could there be certain browsers or Mac or other clients where the issue happens? |
Best regards, Shan Plourde www.pahsah.com+1 (416) 628-1280 -------------------------------- |
|
|
|
Rank: Member
Joined: 11/25/2003(UTC) Posts: 370
|
|
|
|
|
|
Rank: Member
Joined: 7/13/2010(UTC) Posts: 22
|
Thanks for the replies. That's the crazy part - that it works for me on all browsers but I've watched it happen (not redirect) on other people's machines. Are you guys thinking this could be a setting(s) within the browser? Is there a way to force the use of https or prompt the user? I'm not sure why it would work on some and not others without any kind of prompt.
What kind of settings could I look into for the browser - cookies, SSL, etc?
Edit: Just wanted to also add that those folks who aren't getting redirected to an https page on TeamTeeShop.com are getting redirected to https pages on other stores like edhardyshop.com. So that just really baffles me that it would work on most every other site except ours. Do you guys happen to know where this redirect occurs? Would it be on the Cart.aspx or Checkout.aspx files?
|
|
|
|
Rank: Member
Joined: 9/19/2010(UTC) Posts: 104
|
I don't know of any browser settings that would prevent an SSL redirect. Do you know what browsers / OS' they use, and also what countries customers experiencing this issue are located in?
Perhaps there is an issue with the SSL handshake. Other random thought that I can think of is what would happen if the browser's certificate authorities didn't recognize the GoDaddy SSL cert that is issued to your site. I don't know why on earth that would happen but if it did, does that mean that SSL handshaking would fail and that the browser would fallback to HTTP?
I don't understand the SSL handshaking process well enough to know what would happen though.
Perhaps you could just always pro grammatically force a redirect to HTTPS in the checkout page code and see what happens?
Maybe there are some IIS log entries that might reveal more details |
Best regards, Shan Plourde www.pahsah.com+1 (416) 628-1280 -------------------------------- |
|
|
|
Rank: Member
Joined: 7/13/2010(UTC) Posts: 22
|
It just doesn't feel like a browser issue to me b/c people are able to redirect to https pages on other sites just fine.
I would think that if the SSL handshake is not successful that it would prompt the user in some way, but again I know understand much about SSL.
Unfortunately I don't understand the BVC code and I'm not sure where it's currently setting the redirect, so I don't know how to force it to always use https. I see a Checkout.aspx file in the BVModules/Checkouts/One Page Checkout dir and then there is a Checkout.master file in the dir for the Sports Shop theme. I'm not sure how either of these files are being used.
|
|
|
|
Rank: Member
Joined: 7/13/2010(UTC) Posts: 22
|
How is a page flagged as 'secure'? Is there a master list of all files which should use SSL?
I'm still baffled as to why it wouldn't show some type of failure message to the user if SSL is not successful.
|
|
|
|
Rank: Member
Joined: 9/19/2010(UTC) Posts: 104
|
If you check your /App_Code/BaseStorePage.vb, you'll find SSL redirects take place from there. You could always add log messages there, to the website log that you can view in the store admin area. Perhaps you could log there if the SSL redirect logic was false. Perhaps logging the visitor's HTTP headers might be a starting point to diagnose the issue. |
Best regards, Shan Plourde www.pahsah.com+1 (416) 628-1280 -------------------------------- |
|
|
|
Rank: Member
Joined: 9/20/2006(UTC) Posts: 92
|
If customers enter your site using [email protected]
|
|
|
|
Rank: Member
Joined: 11/25/2003(UTC) Posts: 370
|
Hmmm, thought we had already been through this www thing. Nice nice btw. Looks like it has good potential. |
|
|
|
|
Rank: Member
Joined: 9/19/2010(UTC) Posts: 104
|
Interesting to note that the BV Commerce SSL redirect feature won't work with a www and non-www version of deployments. That should be something that it is capable of doing out of the box you'd figure (or would you?!?). |
Best regards, Shan Plourde www.pahsah.com+1 (416) 628-1280 -------------------------------- |
|
|
|
Rank: Member
Joined: 7/13/2010(UTC) Posts: 22
|
All, thank you very much for the help - it's greatly appreciated. I guess this is a known issue? I searched this forum with no luck in finding this answer but hopefully this will help someone else down the road. Wallace, thanks for the explanation of the www vs non-www. I ended up installing the tool in the link below to handle the redirect and it seems to be working so thanks again! http://www.iis.net/download/URLRewrite
|
|
|
|
Rank: Member
Joined: 12/23/2003(UTC) Posts: 909
|
[quote="Shan"] Interesting to note that the BV Commerce SSL redirect feature won't work with a www and non-www version of deployments. That should be something that it is capable of doing out of the box you'd figure (or would you?!?).No, I wouldn't expect this to be OOTB, BV is doing us a favor by forcing us to implement a best practice.
many google results for researching WWW vs. non-WWW.
Regardless of the side of the fence you stand, it's best to stick to one or the other. |
|
|
|
|
Rank: Member
Joined: 9/19/2010(UTC) Posts: 104
|
Hmm, I was thinking more about different TLDs. My client has a .com and a .ca domain. We're on the fence about having the site run on both .ca and .com, versus redirecting all requests to .com. BV's licensing allows a single license to run on multiple TLD's since the licensing is per store, providing both TLDs are hosted on the same server / database. It might be a nice idea to have support in the BV admin area to support SSL across different TLDs for this type of scenario.
I'm still debating, I don't have a strong opinion either way since both approaches have their pros and cons. Thoughts on that? |
Best regards, Shan Plourde www.pahsah.com+1 (416) 628-1280 -------------------------------- |
|
|
|
Rank: Member
Joined: 12/23/2003(UTC) Posts: 909
|
I hear you now.
If you have a physical location in canada, the advantages of operating .ca is canadian currency, canadian payment gateway, canadian shipping origin and canadian shipping rates (no tax, no duties, etc.).
I just did a search for a term that a client ranks well on google .ca and .com and it's the same results.... canadian orders do come in, but not substantially.
If it were .ca, perhaps there would be more, but it still doesn't change the fact that the shipping origin is U.S. and international rates and duties apply. |
|
|
|
|
Rank: Member
Joined: 11/5/2003(UTC) Posts: 1,786
|
The reason that BV 5 doesn't support www. and non-www. domains for SSL redirect is that it was designed to work with shared SSL certificates. In past years it was not uncommon to have www.domain.com and then domain.securehost.com or something similar for the SSL side. So, the code in BV that checks to switch between domain names does an exact match on the address in the URL. This prevents it from doing an endless loop of redirects when going from non-SSL to SSL. If the domain name matches the site root setting it can redirect to the site secure root. There are other ways to handle this and BV 6 will support multiple non-secure domain names but BV 5 requires an exact match. As Matt pointed out, it is best practice for SEO to redirect all matching domains to a single name. For example, if you visit http://bvsoftware.com you are 301 redirected to http://www.bvsoftware.com. This keeps Google from indexing two URLs for the same homepage of our site. I highly recommend that you consider this for your stores too.
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.