Redirect Loop

I have the site operational to the point of browsing the site, but I can't login to access the administration section of the site due to a redirect loop. I've tried redirect files and different config settings, but none have worked. I have a SSL Certificate on the site and it is hosted by Network Solutions. It is hosted in the root folder and not as an application or subdirectory. Can someone please help or point me in the direction of the answer.  Greatly appreciated.

Use fiddler or something that can intercept your http traffic and check what's coming back from the server. It most likely will be a permission setting or a custom error page playing up.

Hi,

I am experiencing the same issue-  even on http://demo.nopcommerce.com so it's not a configuration issue. I believe it might be related to a cooke or session variable that is set on the front end of the website? I tried closing my browser windows and reopened, and it started working ok for a while, but after doing some testing on the front of the site, it started again. I could be because I clicked on the logout and register buttons on the front of the site?

I am wondering if the fact that I can't get my Vista machine to recognize the SSL certificate eventhough I have the certificates installed on the machine. IIS 7.0 does not recognize nor show that the certificate is available for me to use. My next question is, if I run a new install on my xp machine, can I copy just the web.config file to the server to remedy the loop? I have created custom layouts and css files and really don't want to have to do all of that over again. Thanks.

Okay, the latest and greatest with the greatest part! I can enable SSL in the application, then open a new window and browse to the site. Once I click on register or login, the LOOP begins. While the loop is processing, I can disable the SSL function in the application and BAM! It goes right into https. Does anyone have any suggestions as to how or why this is happening?  I am getting so frustrated that I have no other options! I have done two direct installs onto the network solutions box and it is still not working correctly.

Tonight I am having the same issue. Upon investigation, I found where this error is happening in the code. I am not sure if this is a bug or a setting error. Basically if we take a login.aspx for an example, you will see a snippet below in the page_load event.

inside login.aspx
if (!Page.IsPostBack)
            {
                CommonHelper.EnsureSSL();
            }

inside commonhelper.cs
public static void EnsureSSL()
        {
            if (!HttpContext.Current.Request.IsSecureConnection)
            {
                if (SettingManager.GetSettingValueBoolean("Common.UseSSL"))
                {
                
  if (!HttpContext.Current.Request.Url.IsLoopback)
                    {
                        ReloadCurrentPage(true);
                    }
                }
            }
        }

  public static void ReloadCurrentPage(bool UseSSL)
        {
            string storeHost = GetStoreHost(UseSSL);
            if (storeHost.EndsWith("/"))
                storeHost = storeHost.Substring(0, storeHost.Length - 1);
            string URL = storeHost + HttpContext.Current.Request.RawUrl;
            HttpContext.Current.Response.Redirect(URL);
        }

The process is if the page is currently on non-https mode, it would redirect to https page.
The problem here is after the redirection on reloadcurrentpage function, this  CommonHelper.EnsureSSL();
keep getting call again because IsPostBack flag is going to be false on redirect function is called.

if (!Page.IsPostBack) //this will never be false
            {
                CommonHelper.EnsureSSL(); //will always be called resulting in the redirecting loop error.
            }

I am going to try to fix this code in the next few days. For the time being if anyone has worked on this code, please post your solution here.

Thanks in advance,

Smitty

After playing a little more with this issue, I learn that the reason why the loop is happening is because HttpContext.Current.Request.IsSecureConnection inside the EnsureSSL never got set to true for some reasons. Now I am using godaddy ssl, there could be something to do with SSL I am using. I am gonna try to use a different ssl to see if this would make any difference.

Thanks,

Smitty

i think go daddy only lets you use  their own ssl on their shared hosting

What SSL certificate do you use? Shared?

Hi nop commerce team, I am using godaddy ssl certificate. I don't believe it is a shared certificate. I am currently hosting the site with rackspace.com. I have called both godaddy and rackspace technical support and they both say that the problem is with the code.

I have tried to debug the issue with the code, and it looks like HttpContext.Current.Request.IsSecureConnection is never set to true (please look at my previous posting). I am tempted to remove this code and replace it with checking for https in the url or set a view state variable to check this only once.

Any ideas?

Thanks,

Smitty