Thread: SSL logs customer out when adding item to the cart

We have SSL setup on our site. We also have the "GoNonSecureAgain" appconfig set to false.

The issue is this, a customer visits the site and logs in. After logging in if they try to add an item to their cart they are instantly logged out and the site goes back to http from https. Cart is empty. If they log back in their cart has that item.

Any ideas on where to look for the problem would be great.

Thanks

hello... I'm having a similar problem.

mine is, I am able to go to the shoppingcart page after adding. But when I select "Continue Shopping", it will go to an http link instead of https, even though I force the return url to https.

worse is if I choose to stay on my current page while I add the item to the cart, I get logged out because of the http/https problem. But if I open https site, the item is added.

Anyone knows how to solve this? Thanks.

I thought we had another post out here describing the fix...but can't seem to find it. To resolve, open the signin.aspx.cs and checkoutanon.aspx.cs pages and find the authCookie.Secure lines. Change them to also check for GoNonSecureAgain

Code:

authCookie.Secure = AppLogic.UseSSL() && AppLogic.OnLiveServer() && !AppLogic.AppConfigBool("GoNonSecureAgain");

Found it

Signin Question

I was just going to reply with that fix. Although I was unable to find a post regarding this issue when I originally had the issue. But I had the source and was able to track where the user would have been logged out.

Hi Sir George,

This didn't solve the problem. I followed the solution on the link and changed the code, then cleared my cookies.

I logged in again added a new item. But when I click "Continue Shopping", I still go to the http category page, not the https.

Hi Sir George,

This didn't solve the problem. I followed the solution on the link and changed the code, then cleared my cookies.

I logged in again added a new item. But when I click "Continue Shopping", I still go to the http category page, not the https.

Your issue is a slightly different one. You want to remain secure even when navigating away from a secure page (while the original issue was when navigating away from a secure page the authentication cookie cannot be read (because you're no longer on https) and therefore it appears that you've been logged out). To force the site to remain on https, you need to set the appconfig parameter GoNonSecureAgain to false. When this is set to true the site will force the application back to http:// regardless of what you've defined as the return URL, and will even force http:// when you try and browse directly to https://somepage

my GoNonSecureAgain is already set to false.

my problem is basically the same with akeller's. I don't really mind if it goes back to http as long as I don't get logged out when I hit the "continue shopping" button.

Can you send to support so we can take a look at the setup? I think to go any further we'll need some information which is probably better not shared in the forums

okay.. Thank you very much, Sir George.

hello again.

I have a new discovery about the problem. I found out that the problem only happens when I use a certain skin template. Each of my categories uses different templates, although the code for these template are similar, only the logos and menus are different. These templates are somehow different than template.ascx and hometemplate.ascx, though.

I used the same custom XMLPackage that displays featured products in all templates. With pages using template.ascx and hometemplate.ascx, I can add an item successfully from this custom XMLPackage and use the returnurl without logging out and not going to http page rather than https. But with pages using my category templates, the returnurl is messed up and I got logged out.

Do you think it has something to do with my category templates?

Originally Posted by AspDotNetStorefront Staff - George

I thought we had another post out here describing the fix...but can't seem to find it. To resolve, open the signin.aspx.cs and checkoutanon.aspx.cs pages and find the authCookie.Secure lines. Change them to also check for GoNonSecureAgain

Code:

authCookie.Secure = AppLogic.UseSSL() && AppLogic.OnLiveServer() && !AppLogic.AppConfigBool("GoNonSecureAgain");

This is my exact problem, after I change this code do I modify GoNonSecure to "True"?

Thanks
Zach

That's really a matter of personal preference, but we generally recommend that you do, yes. Having HTTPS on when it's not necessary is a bit of a performance hit.

I'm having the exact same problem as BloomerBeck. I have menus that differ based on whether someone is logged or not too. I've tried the fixed listed here but that didn't help.

Even though my GoNonSecureAgain is false I still end up being redirected to http: and I appear logged out. If I type back in that 's' I'm immediately logged back in right where I should be.

My testing has shown that the redirect actually works fine, but for some reason another part of the code is forcing the connection back to http instead of https as it is. I can duplicate this in my test environment too.

I fixed this problem. The solution is to add a call to RequireSecurePage() to the New routine in App_Code/SkinBase.vb.

Old Code:

Code:

Public Sub New()
	Me.New(GetTemplateName())
End Sub

New Code:

Code:

Public Sub New()
	Me.New(GetTemplateName())
	RequireSecurePage()
End Sub

Thanks Chris.

In addition, if you're setting Appconfig: GoNonSecureAgain to true you need to add.

VB

Code:

 
Public Sub New()
	Me.New(GetTemplateName())
	If Not AppLogic.AppConfigBool("GoNonSecureAgain") Then
                 RequireSecurePage();
        End If
End Sub

C#

Code:

 
 public SkinBase() : this(GetTemplateName()) 
{
    if (!AppLogic.AppConfigBool("GoNonSecureAgain"))
    {
           RequireSecurePage();
    }

}