I have been using nop since 1.9 and loving it. After upgrading to nop 2.5 a strange SSL behavior started (it did not happen in 2.4 or earlier). I enabled SSL in the admin area and double checked to see it is actually enabled in the web.config, and it is. My SSL is dedicated, not shared, and I am doing my own hosting.
When I first go to the web site, it is displayed without SSL encryption, as it should be. Then when I click on log in, the SSL kicks in and green lock (chrome) or gold lock (IE) etc... shows. So far so good. After entering the username and password and clicking on log in, the green lock in Chrome changes to grey yellow saying that the page is partially encrypted. This message is replicated in Firefox and IE (page partially encrypted).
So while logged in, in this partially secure connection, I right click on the main page to see the source code, I noticed that the favicon is coming over an https connection, however the remainder of the images on the main page are rendered over an http (insecure connection).
All the images are stored in the database (SQL server 2008 R2).
I checked with Godaddy to see if it is something on their part as it is their SSL certificate, and it is not, since the https shows all the time while logged in, however not everything is transported over https (thus partial encryption), so it is not a certificate or a browser issue .
Is there a solution? After logging in, the connection should stay encrypted fully, not partially, in my view.
I hope I am not replicating a topic or answer. Any help or direction is much appreciated.
Adam.
