SSL different than shop URL - problem

[jooik]

Hey All,

 

I am using Prestashop 1.5.3.1. I see in the BO that we can change the shop URL and SSL-URL. The problem is that my SSL-URL is different than the shop URL. Lets say normal url: example.com and SSL-URL example2.com. Two totally different domains.

 

The problem now is how can I make it working correctly. Till now I see that the session while created in example.com does not exist for example2.com. As I remember sessions in Prestashop are handled by cookies. Can I somehow make it working? I have the SSL on different domain because I bought the wildcard one.

 

Regards,

Karol

[benjamin utterback]

Hi jooik, from my understanding I thought you needed to install a ssl certificate on your main domain. I don't know about having a different domain and having it work with PrestaShop, and your main domain.

[jooik]

Well that the problem. I don't want to waste IPv4 addresses for every shop I make.

I have my domain domain2.com which has a wildcard SSL, which works for any subdomain. I want to avoid buying the SSL certificate for every domain. I want to force client that while entering the sensitive pages (like my account, orders, etc) to redirect them to my subdomain like something.domain2.com which would have SSL already installed.

[Bill Dalton]

I can use a sub domain with Prestashop 1.4.9.1 but it will not work with 1.5.3.1

 

I'm not currently using PS 1.5 but I will be in a couple of weeks. I had hoped this bug would be fixed in PS 1.5.4 but I haven't tested the new version as yet.

 

Looks like a possible fix here,

http://www.prestashop.com/forums/topic/194004-cart-contents-disappear-when-switching-to-ssl-subdomain-prestashop-15/

[Dh42]

Bill, try turning off friendly urls and it will work. I reported a bug this morning on it.

[jooik]

Thats the case for subdomains. My problem is with completely different domain for SSL. The cookie does not get produced for my SSL domain.

[Bill Dalton]

>>Bill, try turning off friendly urls and it will work. I reported a bug this morning on it.

 

Dh, thanks for the tip. Nice to know I have a worst case out.

 

​jooik, there is no difference regarding cookies in the handling of domains vs sub domains.

 

www. domain.com and domain.com are the same as using two completely different domain names.

 

Sub domains and different domains are handled the same. Currently the problem with Prestashop is that if you have a different domain for SSL, it needs to call your pages with your main domain, but it must call all resources images, java scripts and CSS with the domain you use for SSL. This is because resources that display on an SSL page must be referenced by the domain you plan to use for SSL.

 

The bug in Prestashop is that it is not using the correct domain to call resource prior to switching to SSL.

 

Now if you are using a domain that is located on an other server and is not configured to have access to your web site resources, that will not work as well.

 

As far as I can tell it is not cookie issues. If both domains are configured to access the PS resources and Prestashop is using the domains for the correct calls, it should work.

Edited April 23, 2013 by Bill Dalton (see edit history)

[Dh42]

I actually had Remi look at one of my installations this morning, it is a htaccess problem. He says 1.5.4 fixes the issue, but he generated a htaccess for the site also.

[Bill Dalton]

Perfect. I've installed 1.5.4 but just haven't had time to play with it.

 

That's great news, thanks.

[lancealot]

jooik is correct, when you have a SSL-URL that is different than the shop URL (url: example.com and SSL-URL example2.com), two totally different domains, it will not work with the latest Prestshop even if you have Friendly URL disabled. What happens is when you go to "checkout" and it changes the top-level domain to the new SSL URL, the cart will be empty. The cookie does not move between domain names, even if your on the same web server pointing to the same files. The interesting thing is I have used other E-commerce systems in the past (for example ZenCart), and this was not an issue, and it worked fine with different top level domain name. This is something very important I hope that can be fixed because as jooik said, it allows you to use a wildcard certificate to handle different domain name checkouts. This saves the time and money of having to register a separate SSL certificate per domain name, thus wasting IP addresses (SNI is too incompatible with old browsers). I think this is something important to be supported by allowing the shopping cart contents to be stored in a way that it can be passed between different top level domain names, so the above scenario can be supported.

[Dh42]

I have tested and it works with Prestashop 1.5.4, Can you post your htaccess file to pastebin, also what version are you using?

[lancealot]

Did you test between two different top level domain names, or did you test between different sub-domains? I am trying to get it to work between two different top level domain names.

 

I am running version 1.5.4.1 of Prestashop.

 

I attached the .htaccess file to this reply. If you want to test it and see the problem, go to "www.swtrading1.com". Add some products to the cart. You will see it has products. Go to checkout and it flips to the new HTTPS domain. You will see the cart is empty.

 

Suggestions??

.htaccess.txt

[El Patron]

my understanding...cookies are by domain. if you switch domain names the you do not have access to the other domains cookie. this is not a ps thing, it is how browsers work...you can only 'sometimes' share a cookie between a tld and a subdomain.

[lancealot]

If cookies are the issue then why doesn't PrestaShop offer alternative methods to storing cart information so it survives access between two different domain names? I consider it a PrestaShop issue because I currently use ZenCart and SunShop cart, and neither of these software packages have this issue. In fact PrestaShop is the "only" shopping cart software I have used that has this issue. I planned on migrating to PrestaShop for future websites, but I keep running into issues very specific to PrestaShop (the other one I ran into being it doesn't support "auto-increment-increment" in MySQL). It seems all I have been doing since I started using PrestaShop is dealing with issue after issue. Disappointed because I think the frontend and backend of PrestaShop is very nice.

Edited June 29, 2013 by lancealot (see edit history)

[Dh42]

Actually there was a bug in a few prestshop versions. You can totally do a shop on domain.com and have the secure area on secure.domain.com. Post your htaccess to pastebin and lets work this out.

[lancealot]

Dh43: I am trying to do a shop on "domain1.com" and secure area on "domain2.com", not subdomains like "domain.com" and "secure.domain.com" as you say. I need it to work across different top level domain names. Is this possible? In my testing it does not seem to work as it has worked with all other shopping carts I have used in the past.

 

I posted my ".htaccess" above in a reply. Please look at the reply above which contains my htaccess file. I have tested with the htaccess and without (turned off friendly domain names). Neither works. You can goto my site as listed in the reply above and see it does not work.

[jooik]

Hey. Thats true that for security reasons cookies cannot we shared between 2 different domains. I thought that the option in BO will work with some kind of workaround but it doesn't.

I am working now to fix that for my own use. The possible workaround would be to store the cookie content inside DB and than inside the second domain restore the cookie with the same content.

[lancealot]

jooik: Yes you are correct, the best workaround for this would be for PrestaShop to have the option of storing the shopping cart contents inside the database. I think the amount of information PrestaShop puts into cookies actually causes a lot of problems. For instance when I was testing an install problem, I kept having to remove my browser cache (cookies) because PrestaShop was storing all the information I inputted into the install forms during a failed install. I think PrestaShop might use cookies too much. For example, in ZenCart the session cookie contains simply the session ID number which identifies the visitor to the store, as separate from other visitors (http://www.zen-cart.com/content.php?317-cookies). They store most of the information into the database, for example the cart contents (http://www.zen-cart.com/wiki/index.php/Table_customers_basket). I actually think this is how most of the shopping carts work since I never experienced this problem with other shopping carts.

 

I really hope this gets fixed because I will not be able to use PrestaShop going forward until it is. I don't want to deal with the hassle and expense of not being able to use a wildcard certiicate between two different top level domain names. And no, SNI and UUC certiciate use is not a fix, I have tried and these are WAY too restrictive.

 

I really think that PrestaShop needs the option of allowing more cookie data to be stored in the database. Hopfully some PrestaShop developers are reading this :-)