[thelist] shopping cart - secure or not

Lee kowalkowski lee.kowalkowski at googlemail.com
Tue Oct 24 15:55:41 CDT 2006


On 24/10/06, Bob Meetin <ontheroad at frii.com> wrote:
> Bob Meetin wrote:

I'm not getting anything from the secure folder, just loads of missing
images, and your login page is in the secure folder, but not HTTPS.

> > original:
> > /shop/secure/stylesheet.css
> > /shop/secure/images/design/m34.gif (an example image)
> >
> > https://www.example.com/shop/secure/stylesheet.css
> > https://www.example.com/shop/secure/images/design/m34.gif

I wouldn't recommend absolute URLs if you can help it.  There's no
difference to the browser, I just think it's a maintenance trap, more
to do if you change your domain name, or want to re-use across
multiple domains.  Unless you're systematically generating these URLs
automatically.

Why are your CSS and GIFs in a different location than the non-secure
ones?  Ideally, you should be able to serve your CSS and GIFs using
HTTP or HTTPS from the *same* location.  That way, coupled with
non-absolute URLs, you're in no danger of the dreaded mixed-content
scenario.  If you serve HTTP & HTTPS content on the same page, IE
gives a warning, with very discouraging information if you click "more
info...".

> This is another seemingly Internet Explorer
> only rendered error message.  Basically the error says, "
> *You are about to be directed to a connection that is not secure.... OK
> or Cancel*."

It's not an error as such, just a warning, isn't there a checkbox to
turn it off in the dialog box?  If not, it can be turned off at the
bottom of advanced settings, "warn if changing between secure and not
secure mode".  I got so fed up of it, I turned it off a long time ago.
 If users don't turn this off, I would have thought they'd be pretty
used to it, it pops up everywhere.

> You can see the gif image of the error at:
> www.example.com/shop/returning_customer_error.gif

Hmmm, no I can't.  I hope it's not related to your client's problem.

> I went back to the distributor's site and found a
> couple other digishop shopping cart installs.  Some work smooth, some
> also experience the same problem.  Suggestions?

What's "smooth"?  No warning message?

-- 
LK



More information about the thelist mailing list