HostMonster Web Hosting Help
OSCommerce will not keep my sessions between HTTP and HTTPS.
When I try to log into my OSCommerce shopping cart using https://secure.HostMonster.com/~username url, my shopping cart isn't the same. It is as though I have 2 carts, one for HTTP (unsecure) and one for HTTPS (secure).
This is a problem with the cookie settings. These are easy to fix with a simple change in the includes/configure.php file. For this example, I will be using the https://secure.HostMonster.com/~username url.
Note: You may replace this url with any secure path you are currently using.
Edit the configure.php file located in the includes directory for your OSCommerce install. For this example it is:
I have 5 lines in the configure.php file which I am concerned with:
- define('HTTP_SERVER', 'http://www.domain.com'); // eg, http://localhost - should not be empty for productive servers
- define('HTTPS_SERVER', 'https://secure.HostMonster.com/~username'); // eg, https://localhost - should not be empty for productive servers
- define('ENABLE_SSL', true); // secure webserver for checkout procedure?
- define('HTTP_COOKIE_DOMAIN', 'www.domain.com');
- define('HTTPS_COOKIE_DOMAIN', 'secure.HostMonster.com');
The third line defines that when you are dealing with checking out and account configuration, it uses a secure link. All other links will be unsecure. You want to make sure that the HTTP_SERVER and HTTPS_SERVER domain names are equal to the HTTP_COOKIE_DOMAIN and HTTPS_COOKIE_DOMAIN setting as well. You will notice you do not include the "https" or the "~username" or any other folders at all, just the domain name.
With these settings, your viewers will have a seamless transition between secure and non-secure sites.