[ic] "Secure" basket

Jamie Neil interchange-users@icdevgroup.org
Thu May 29 17:38:00 2003 

> -----Original Message-----
> From: interchange-users-admin@icdevgroup.org
> [mailto:interchange-users-admin@icdevgroup.org]On Behalf Of Joshua Lavin
> Sent: 29 May 2003 21:58
> To: interchange-users@icdevgroup.org
> Subject: Re: [ic] "Secure" basket
>
> On Thursday, May 29, 2003, at 08:19  AM, Jamie Neil wrote:
>
> > Hi All,
> >
> > I've just enabled ssl on my site for the first time, and have
> > discovered a
> > rather annoying problem that didn't show up beforehand.
> >
> > When the user goes to the basket page, the URL is insecure which is
> > correct.
> > When they click through to the checkout the secure=1 on the form passes
> > control to the secure pages which is also correct.
> >
> > The problem is that if the user clicks recalculate, empty basket or
> > continue
> > shopping in the basket page, they are redirected to the secure site
> > rather
> > than the normal one. I checked the demo site at icdevgroup and it
> > behaves
> > the same way.
> >
> > The only way around this that I can think of is to insert an
> > intermediate
> > page between the basket and the checkout that handles the move from
> > secure
> > to insecure more gracefully.
> >
> > Has anyone got a better suggestion?
> >
> > Jamie Neil
> > Versado I.T. Services Ltd.
>
> Are you meaning by "secure site" having https in front, rather than
> http?

Yes

>
> We have a secure cert and I do not notice this behavior on our site
> (www.shopalert.us). It's always http until you click Checkout.

Interesting. I assumed the link from the basket to the checkout had to be a
form post (process-target), whereas you are using an href straight to the
checkout page. That fixes the problem because the basket form no longer
needs to be set to secure=1.

So why does the current foundation demo use a form post rather than a
straight link? The only disadvantage I can see to using the link is that if
you update the quantity and then click on checkout, then that quantity
change will be lost. That seems to be less of a problem than having the
basket buttons all transferring you to a secure url. Or am I missing
something?

Jamie

>
> Josh
>
> _______________________________________________
> interchange-users mailing list
> interchange-users@icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users
>