When I enable UC SSL, I am no longer able to add products to my cart. Additionally, the site actually doesn't use SSL.

So, I'll add a product to the court and it takes me to http://www.mysite.com/cart (not the https version) and says that there are no products in my cart.

If I disable UC SSL, and add a product to my cart and manually change http to https, everything works as expected. It's only when UC SSL is enabled that things stop working. But SSL is definitely configured correctly and working on the site.

Comments

Lloyd’s picture

Lloyd CreditAttribution: Lloyd commented

Any advice?

Lloyd’s picture

Lloyd CreditAttribution: Lloyd commented

Still trying to figure this out.

I excluded cart and cart/* from boost caching.

I'm adding products and accessing the cart via a cart link.

When I click on the cart link as a logged in user, I am redirected to the cart but there are no products in the cart and I've been logged out.

chris-cmfi’s picture

chris-cmfi CreditAttribution: chris-cmfi commented

+1

Luisvsm’s picture

Luisvsm CreditAttribution: Luisvsm commented

I'm having a similar issue, I'm thinking that the sessions are broken between http and https.
It could be related to the core issues here that are also holding up the Secure Pages 7.x port: http://drupal.org/node/952820

A short term fix could be using a .htaccess file to always redirect to https, keep in mind that you will see a performance hit for sites with high traffic.

Lloyd’s picture

Lloyd CreditAttribution: Lloyd commented

I imagine that temporarily redirecting your site to https would have massive SEO issues and is not a viable solution. There's probably a workaround but that's a fair amount of work for overcoming something so critical that it's shocking it's not fixed.

Lloyd’s picture

Lloyd CreditAttribution: Lloyd commented

I was able to apply the patches and settings.php page as outlined in the Secure Pages module to get Secure Pages to work correctly. But those changes did not allow Ubercart SSL to work. So my suggestion is to use Secure Pages and not this module until this major issue is fixed.

crystaldawn’s picture

crystaldawn CreditAttribution: crystaldawn commented
Status: Active » Closed (fixed)

Fixed in the new releases.

nelslynn’s picture

nelslynn CreditAttribution: nelslynn commented

This issue is reappears when using Drupal 7.21 and Ubercart 3.4. I add a product to the cart, and get redirected to an empty cart. I disable uc_ssl and everything works fine.

nelslynn’s picture

nelslynn CreditAttribution: nelslynn commented
Status: Closed (fixed) » Active

Forgot to mark active

EDIT: I was able to get this to work by adding $conf['https'] = TRUE; to settings.php Found this hint here: http://drupal.org/https-information Perhaps you should add this link to the project page?

newshoemedia’s picture

newshoemedia CreditAttribution: newshoemedia commented

This is a huge problem! How can anyone use Ubercart 3 with Drupal 7 without functional SSL?

I have the same problem as OP - when I add products to the cart on the http:// site, they are visible in my cart block in the sidebar, but when I click "View Cart" or "Checkout," I'm taken to https://site.com/cart and it says the cart is empty.

I was also able to fix this by $conf['https'] = TRUE; to settings.php, but I also had to set the $cookie_domain in settings.php to $cookie_domain = '.site.com';

timb’s picture

timb CreditAttribution: timb commented

I got everything working when following directions in #10. This should be documented on the project page, as well as in a readme.

dgtlmoon’s picture

dgtlmoon CreditAttribution: dgtlmoon commented

if you're *still* having troubles, try letting the /cart go via non-SSL but everything else via SSL

for example

@@ -81,7 +81,7 @@ function uc_ssl_include_ssl_paths()
{
global $user;
$paths = array(
- 'All Ubercart Cart pages' => '/cart*', //Secure ALL cart pages.
+ 'All Ubercart Cart pages' => '/cart/*', //Secure ALL cart pages.

This worked in my situation, somehow it wasn't getting the chance to generate the Session in the right sequence or something

crystaldawn’s picture

crystaldawn CreditAttribution: crystaldawn commented
Priority: Major » Minor
Status: Active » Postponed (maintainer needs more info)

I dont know why people are having to enter the $conf config variable. Check out what's already in the module:

//the $conf['https'] option MUST be enabled if mixed ssl mode is enabled.  We make sure its enabled here.  If it's not enabled then user
   //sessions will not persist across the secure and non-secure domain names resulting in the user being prompted to log in whenever they are
   //sent to a secure page.
   if (uc_ssl_switch_to_non_ssl() && !isset($conf['https']) || (isset($conf['https']) && !$conf['https']))
   {
      $conf['https'] = TRUE;
   }

If this is failing to set https to true, then we need to figure out what is causing that to happen. I cannot reproduce it myself, so someone who has this issue will have to debug it I guess. Since modifying the settings.php file seems to fix this and that is a normal drupal process I am marking this as needs more info and setting it to minor.

Setting the cookie domain doesnt have anything to do with https, and if you need to do that, its for a reason other than SSL.

crystaldawn’s picture

crystaldawn CreditAttribution: crystaldawn commented
Status: Postponed (maintainer needs more info) » Closed (cannot reproduce)