Something I do not understand with the shared SSL and how it could work
the nopCommerce installation is running as http://www.myshop.com
I want to use a shared SSL: https://myshop.myhost.com (this is not a directory but a proper certificate installed in IIS)
I create a website in IIS 7 / win2008 and do the following binding: http://www.myshop.com https://myshop.myhost.com after installing a certificate for myshop.myhost.com in IIS
I can navigate to both with no problem http://www.myshop.com https://myshop.myhost.com
In nopCommerce global settings I have : use SSL + shared SSL = https://myshop.myhost.com
Now if I navigate in the website http://www.myshop.com When I hit Login: it goes to https://myshop.myhost.com/Login.aspx If I login it authenticates me for the domain myshop.myhost.com Then I am redirected to the non SSL page: http://www.myshop.com This is not the domain for which I am authenticated, the authentication cookie would not work, so I am not logged in!
So basically that cannot work in this configuration The only way it to have a non shared SSL where both SSL and non SSL domain are the same, so i am authenticated in both.
But I think that if we use different TOP domains for the shop and the shared ssl, then there is no simple solution.
The browsers themselves are persisting cookies per domain, so I would only be able to share cookies within the same top domain... so we would need to generate 2 authentication cookies within the same application