Login redirecting from https to http after login

Posted: January 05, 2018 at 9:40 AM Quote #198778
Hello,

The login pages for each of my production nopCommerce sites are secured with SSL, which is what I want. The problem that I noticed is that after a login is successful, they redirect back to the homepage, which is not secured. Is this the way it is for every nopCommerce installation? And if so, is there an easy fix for this?

My websites are all on nopCommerce 3.9.

Thank you for your help.
Posted: January 05, 2018 at 1:08 PM Quote #198791
Just to clarify, the login page itself is secured, as it should be, while the page that it submits to is not secured with HTTPS.
Posted: January 05, 2018 at 7:00 PM Quote #198800
In Admin 'All Settings', search for and change 'securitysettings.forcesslforallpages' to True
www.noptools.com
Posted: January 08, 2018 at 8:52 AM Quote #198887
Thanks for the suggestion, New York.

I've tried that already, but it causes the front page to take forever to load, and considering how much traffic I receive daily, I'm not sure if the server will handle it well. I will try testing it again anyway, though.

Is the traffic that is submitted from the login still encrypted, despite this being the case? I noticed in the source code that the login page's action method has an SSL requirement attribute tied to it, but the method that it submits to does not and it redirects to the unsecured home page on success.

If I am completely wrong here, please correct me. I'm trying to cover any potential security holes with my websites and want to ensure that I have nothing to worry about with this issue.

Here is the source code, for reference:

[NopHttpsRequirement(SslRequirement.Yes)]
//available even when a store is closed
[StoreClosed(true)]
//available even when navigation is not allowed
[PublicStoreAllowNavigation(true)]
public virtual ActionResult Login(bool? checkoutAsGuest)
{
    var model = _customerModelFactory.PrepareLoginModel(checkoutAsGuest);
    return View(model);
}

[HttpPost]
[CaptchaValidator]
//available even when a store is closed
[StoreClosed(true)]
//available even when navigation is not allowed
[PublicStoreAllowNavigation(true)]
public virtual ActionResult Login(LoginModel model, string returnUrl, bool captchaValid)
{
    ... code
}
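A check that can be run over the headers returned by the login POST discussed above, as an added example that is not part of the original post or of nopCommerce: it flags a redirect that drops to http, cookies set without the Secure attribute, and a missing HSTS header. The host name, cookie names and sample response are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: headers a login POST might return (host and cookie names are made up).
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://shop.example/\r\n"
    "Set-Cookie: AUTH_COOKIE=abc123; path=/; HttpOnly\r\n"
    "Set-Cookie: CART_ID=42; path=/; secure; HttpOnly\r\n"
    "\r\n"
)

def parse_response(raw):
    """Split a raw HTTP response head into (status_code, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = []
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def audit_login_response(request_url, raw):
    """Return findings for the response to a login POST sent to request_url."""
    status, headers = parse_response(raw)
    findings = []
    if urlsplit(request_url).scheme != "https":
        findings.append("credentials-posted-over-http")
    for name, value in headers:
        if name == "location" and 300 <= status < 400:
            # Relative Location values inherit the scheme of the request.
            target = urljoin(request_url, value)
            if urlsplit(target).scheme == "http":
                findings.append("redirect-downgrade:" + target)
        elif name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie_name = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            if "secure" not in attrs:
                findings.append("cookie-without-secure:" + cookie_name)
    if not any(n == "strict-transport-security" for n, _ in headers):
        findings.append("no-hsts")
    return findings

if __name__ == "__main__":
    for finding in audit_login_response("https://shop.example/login", SAMPLE_RESPONSE):
        print(finding)
```

A cookie set without Secure is sent in cleartext on the http page that follows the redirect, even when the login POST itself went over https.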
Posted: January 11, 2018 at 9:08 AM Quote #199062
I guess I must be mistaken and this isn't an important issue..