SSL Issue

Hi,

I've installed an SSL Cert, and enabled it via web.config.

It works well, but I've encountered an issue/bug?

I clicked on my shopping cart so I could see the ssl cert in action.

Then, I wanted to continue browsing the site, so I clicked on the store logo, and it tried to take me to:

https://www.mysite.com/default.aspx

This of course, lead to the "this page contains secure, and non secure items" popup.  We don't like that.  I hovered over the top menu, and all other side links, and see they also have the "https", even when they would be going back to normal, "non-secured" content like the main page.

Any way around this?  We can't have warnings popping up like that.

*** NEW INFO:

I notice, that when on an ssl secured page like shoppingcart.aspx, when I click on SOME top menu links they successfully go back to being non-secured.  For example:

/boards/default.aspx
/search.aspx

I hover over them, and they say "https://www.mysite.com/search.aspx" but when I click and go to them, the https is gone.  Excellent!

I thought I'd check the nopCommerce.com site, to see how the https was handled, on shoppingcart.aspx etc, but it doesn't seem to have ssl enabled.

SO, I guess I need to know how certain pages lose the ssl, because I need ALL pages to lose ssl, except shopping cart, checkout, register, the whole administration section, and any others that need to stay secured.



Thanks

David

I had the same question and I do not think there is a resolution for it.

I initially installed a SharedSSL & thought it was just a bug with the SharedSSL.  I changed to a dedicated SSL and still the same.

I think with NOP Commerce, that is how the software works.  Once you are in https://, you stay there unless you open again in a new browser.

Thanks for the comment.  One thing I noticed, is that even when "IN" ssl, it's true - if I clicked the "home" logo, it tried to go to https://www.mysite.com/default.aspx and I got that error.

It seems that the top menu links which go to default.aspx, and contactus.aspx are the ones which thow this error.  All the other ones, including even sidemenu links change the url back to http as expected.

I guess I need to find out what is unique about default.aspx and contactus.aspx that makes them not "rewrite" the url back to http.

Doing asp.net (vb) for 5 years, however new to nop though, so it's proving to be a learning process.

I am using nop version 1.3
In that version, we have
if (!Page.IsPostBack)
   CommonHelper.EnsureNonSSL();

CommonHelper.EnsureNonSSL() :: This function automatic redirect https to http.
So when you put this function in default.aspx and you come on home page with https then above function will redirect it to http. So use that function in pages where you dont want https and use CommonHelper.EnsureSSL() where you want https.


I have no idea about higher versions.

Thanks for that information!

I appreciate the assistance.

That did the trick!


thanks

David

Did you test it for 1.90?  Just curious?

Hi,

I'm running 1.90. and it has worked.

David

Oh my gosh, how simple was that fix?!?!??

Thanks for much for posting it!

Could this be a bug fix for the next version, please?

ketan.pipaliya wrote:

I've been trying to get SSL to work on the contact form but nothing seems to be working. I've used the following syntax:

namespace NopSolutions.NopCommerce.Web
{
    public partial class ContactUsPage : BaseNopFrontendPage
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            CommonHelper.EnsureSsl();
            string title = GetLocaleResourceString("PageTitle.ContactUs");
            SEOHelper.RenderTitle(this, title, true);
        }
        public override PageSslProtectionEnum SslProtected
        {
            get
            {
                return PageSslProtectionEnum.Yes;
            }
        }
        
    }
}

That hasn't worked. Doing the inverse at the default.cs didn't work either:

 public partial class Default : BaseNopFrontendPage
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!Page.IsPostBack)
            {
                CommonHelper.EnsureNonSsl();
                BindData();
            }
        }

        protected void BindData()
        {
            bool showWelcomeMessageOnMainPage = this.SettingManager.GetSettingValueBoolean("Display.ShowWelcomeMessageOnMainPage");
            if (!showWelcomeMessageOnMainPage)
            {
                topicHomePageText.Visible = false;
            }
        }
    }

Does anyone have any clues as to what I'm doing wrong?

I was having an issue going back from shopping cart to the Default.aspx on IE.

It was resolved by putting the logic specified in this discussion. Hope this helps

https://www.nopcommerce.com/boards/t/7836/after-installing-ssl-some-links-are-working-some-not.aspx