nopCommerce v2.60 released

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
11 years ago
Not to be a Debbie Downer, but this new "feature" is a security hole:

"Some pages (admin area, login, and checkout pages) use HTTPS. Let's force all other pages to use HTTP."

If you are already authenticated, you should ALWAYS stay on a secure channel as the cookie used for your session and authentication status is always passed on each request.  This cookie should be set to secure="true" to force the need for a secure channel or else the browser won't send it.  If you don't do this, it can be easily snatched and replayed.

This is a pretty big security hole and I won't be upgrading until this is actually fixed.  I understand the reasoning behind it, but it was a mistake to make this feature available.

Please see the OWASP site on Cookie and Session Management:
https://www.owasp.org/index.php/OWASP_Application_Security_FAQ#Cookies_and_Session_Management
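The point in the post above about the cookie's secure flag, as an added example that is not part of the original thread or of nopCommerce's code: it parses the `Set-Cookie` headers from an HTTPS login response and reports which cookies a browser would still attach to a later plain-HTTP page on the same site. The cookie names, values and URLs are constructed, and matching on cookie domain and path is left out (same host and `Path=/` are assumed).

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie headers as an HTTPS login page might return them.
SAMPLE_SET_COOKIE = [
    "auth_ticket=3F9A0C; Path=/; HttpOnly",         # auth cookie, Secure missing
    "session_id=ab12cd; Path=/; Secure; HttpOnly",  # session cookie, Secure set
    "currency=USD; Path=/",                         # harmless preference cookie
]
# Assumption: these are the cookies that identify the logged-in user.
SENSITIVE = {"auth_ticket", "session_id"}


def parse_set_cookie(headers):
    """Parse Set-Cookie header values into a {name: Morsel} dict."""
    jar = {}
    for value in headers:
        cookie = SimpleCookie()
        cookie.load(value)
        for name, morsel in cookie.items():
            jar[name] = morsel
    return jar


def cookies_sent(jar, url):
    """Names of cookies a browser would attach to a request for `url`.

    Cookies flagged Secure are only sent over https; all others are sent
    over both schemes.
    """
    is_https = urlsplit(url).scheme.lower() == "https"
    return sorted(n for n, m in jar.items() if is_https or not m["secure"])


def exposed_on_http(jar, url, sensitive=SENSITIVE):
    """Sensitive cookies that would cross the network in plaintext for `url`."""
    if urlsplit(url).scheme.lower() == "https":
        return []
    return [n for n in cookies_sent(jar, url) if n in sensitive]


if __name__ == "__main__":
    jar = parse_set_cookie(SAMPLE_SET_COOKIE)
    page = "http://shop.example/p/17/some-product"  # constructed catalog URL
    print("sent over HTTP:", cookies_sent(jar, page))
    print("exposed:", exposed_on_http(jar, page))
```
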
11 years ago
breakskater wrote:
I found a minor issue with the Customer Search. The waiting progress image is still on the page:

Customer Search Screen Shot

I cannot reproduce it. Just press F5 (refresh your browser page and clear cache).

breakskater wrote:
Also, I don't see the Id-less URL feature. It was supposed to be in 2.6. Was it moved to 2.7?

It wasn't planned to be added in 2.60.
11 years ago
msumerano wrote:
This is a pretty big security hole and I won't be upgrading until this is actually fixed.  I understand the reasoning behind it, but it was a mistake to make this feature available.

Some pages in the previous versions of nopCommerce also always used HTTP. Now we simply added more pages to this list.

So amazon.com is also vulnerable to this attack? Go to checkout (HTTPS) or my account page (HTTPS), then go to a product details page (HTTP). Even if you manually type HTTPS for a product details page, you're redirected to HTTP version (cookies are also sent).
11 years ago
Some new excellent features, but shame I won't be upgrading as there is no Extension for SagePay.

Do you know if an extension is coming out soon?
11 years ago
stevo wrote:
Some new excellent features, but shame I won't be upgrading as there is no Extension for SagePay.

Do you know if an extension is coming out soon?

Actually previous versions of nopCommerce (2.X version) also didn't have an official SagePay extension. There is a SagePay extension for 2.40, but it's not an official one. You could contact a plugin author and ask him for a new version for 2.60.
11 years ago
Hi Guys, great work on 2.6 and I really like these frequent releases, it’s great for us.  After upgrading to 2.6 my product images no longer open up as a gallery but simply open up in a new page. Is this intentional?
11 years ago
loidis wrote:
Hi Guys, great work on 2.6 and I really like these frequent releases, it’s great for us.  After upgrading to 2.6 my product images no longer open up as a gallery but simply open up in a new page. Is this intentional?


It works fine on my site for products with single images but not with multiple images. On the demo site it doesn't open up a preview for products with just one image but opens up a new page for products with multiple.

Multiple example:
http://demo.nopcommerce.com/p/17/canon-digital-rebel-xsi-122-mp-digital-slr-camera

Single example:
http://demo.nopcommerce.com/p/49/poker-face
11 years ago
loidis wrote:
Hi Guys, great work on 2.6 and I really like these frequent releases, it’s great for us.  After upgrading to 2.6 my product images no longer open up as a gallery but simply open up in a new page. Is this intentional?

Everything works fine. Click F5 in order to clear your browser cache.
11 years ago
a.m. wrote:
Click F5 in order to clear your browser cache


Maybe it would be a good idea to make a folder called 2.4, 2.5, 2.6 etc for all the items that continue to generate questions simply because browsers like to cache.

On top of it there seems to be a bunch of obsolete and unused script floating around in one general directory that could use a bit of cleaning. The fancier the user interface gets and the more people start offering plug-ins that take advantage of say jQuery the larger the need for organizing these scripts by release will become.

Just a thought.
11 years ago
a.m. wrote:
Everything works fine. Click F5 in order to clear your browser cache


It works fine in Firefox but not IE 9. I don't think it's a cache issue as I've cleared them and it's behaving the same on your test site which isn't cached.