31 replies [Last post]
brad's picture
Offline
Joined: 04/16/2009
Juice: 12
Was this information Helpful?

I'm going crazy here with Drupal 6.10, Ubercart 2.0-beta6, the Secure Pages 1.7 module, and SSL.

The problem is, whenever the user goes from HTTP to HTTPS by clicking on "Add to cart", the session information is lost and the cart becomes empty.

I've read other posts, discussing the $cookie_domain, $base_url, session.cookie_secure, etc. I have changed these values to no avail. I'm currently trying the following in the site's settings.php file:

if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
  $base_url = 'https://ssl.shared-domain.com/client';
  //$cookie_domain = 'ssl.shared-domain.com';
  //ini_set('session.cookie_secure', 1);

} else {
  $base_url = 'http://client-domain.com';
  //$cookie_domain = 'client-domain.com';
  //ini_set('session.cookie_secure', 0);
}

Setting the $cookie_domain to either URL above doesn't work. I've tried clearing the drupal_sessions table and deleting all cookies on my browser.

We host numerous domains all from the same server, including the SSL site. All of them use one common domain for HTTPS. We are moving forward with Drupal and are trying to get Ubercart working. The domains are hosted under one base Drupal install in the sites directory.

I have installed the Secure Pages module and configured it to handle all pages with "cart*" in the URL. I'd rather not have to make the entire client site HTTPS to fix the session problem.

Any ideas would be greatly appreciated!

torgosPizza's picture
Offline
Bug FinderEarly adopter... addicted to alphas.Getting busy with the Ubercode.
Joined: 08/14/2007
Juice: 4111
Re: Cart becomes empty upon checkout - HTTP to HTTPS on differen

I think as long as /cart and /cart/checkout are both SSL, you shouldn't see this problem? That's what fixed it for us (and some others) without having to edit base_url stuff. But if you have a multisite setup spanning different domains, that is most likely a cookie issue. When you are testing, make sure you have deleted your cookies first, since you might be having them stored locally and caching rather than becoming updated with your new Drupal settings. Those are my thoughts anyway.

--
Help directly fund development: Donate via PayPal!

Troy Dalmasso's picture
Offline
Joined: 08/06/2008
Juice: 106
Re: Re: Cart becomes empty upon checkout - HTTP to HTTPS on diff

My client seems to be having this issue with their site too. Strange thing is that the issue is inconsistent. There are five people who have tested it on different machines: the Macs are all working and some of the Wintels but two Wintels have failed, one failed in both FireFox and IE and the other one in just IE. I *think* Safari worked okay on these Wintels.

The designer has thus far guided their troubleshooting efforts and he made sure they were logged out of their various admin accounts.

We don't have the cart and cart/checkout both using SSL so I'm considering switching that over if I can't figure this out. What is even more strange is that only the most recent product type (event tickets that were added to the system a few weeks ago) seems to have this issue. The original product type (a magazine subscription), that has been in Ubercart for awhile now, seems to be working without issue.

If anyone has any other suggestions, let me know?

Troy Dalmasso's picture
Offline
Joined: 08/06/2008
Juice: 106
Re: Re: Re: Cart becomes empty upon checkout - HTTP to HTTPS on

I've added cart to the secured domain and it seems to be working okay now. What's really strange about this issue was the browser inconsistencies. As long as it works now though...

torgosPizza's picture
Offline
Bug FinderEarly adopter... addicted to alphas.Getting busy with the Ubercode.
Joined: 08/14/2007
Juice: 4111
Re: Re: Re: Re: Cart becomes empty upon checkout - HTTP to HTTPS

That is strange, and I don't know how it would affect one product type and not the other. If you can find a way to consistently reproduce the issue, someone could probably take a look.

--
Help directly fund development: Donate via PayPal!

coworks_dieter's picture
Offline
Joined: 02/20/2008
Juice: 50
Re: Re: Cart becomes empty upon checkout - HTTP to HTTPS on diff

I can't get the b*tch working.

The situation is like this.

HTTP site is .ca
HTTPS site is .com

I added this settings in Secure Pages and also added cart and cart/checkout to the pages that has to be at HTTPS connection. Adding a product to cart at HTTP results in a empty cart at HTTPS.

Is there any solution for this?

kathryn531's picture
Offline
Joined: 03/19/2009
Juice: 11
Empty Cart

Hi Brad,

Were you able to get this resolved? I am working on a Drupal site with the EXACT same problem. The SSL certificate is on a shared domain that's different than the client domain and the HTTPS redirect sends users to an empty cart. Please let me know if you've had any success and good luck!

deepakg83's picture
Offline
Joined: 07/24/2009
Juice: 187
Re: Empty Cart

Did you try out Troy's solution. He possibly solved it out by securing the cart itself

Deepak Gupta

kathryn531's picture
Offline
Joined: 03/19/2009
Juice: 11
Re: Re: Empty Cart

I've included both cart and cart/checkout to my secure domain through the site's .htaccess file, and still no luck. Cart contents do not carry over between the http site and the https site.

torgosPizza's picture
Offline
Bug FinderEarly adopter... addicted to alphas.Getting busy with the Ubercode.
Joined: 08/14/2007
Juice: 4111
Re: Re: Re: Empty Cart

Could it be a cookie issue? Try setting (in settings.php) the $cookie_domain variable for your site. You should set it to ".example.com" (no subdomain/prefix such as www etc. to allow all connections on that domain).

Not 100% sure that's your answer but it's worth a shot.

--
Help directly fund development: Donate via PayPal!

jgarbe02's picture
Offline
Joined: 03/10/2010
Juice: 6
Re: Cart becomes empty upon checkout - HTTP to HTTPS on differen

We've got an issue very similar, if not the same. We're running fully updated versions of Ubercart, SecurePages (with our SSL cert) Node Checkout and Masquerade to troubleshoot. There's one product type, photo submission.

Every once and a while we get either a) someone who says their cart is empty, but when we Masquerade as them, shows the products (they use IE) or b) someone running Safari on a Mac is having issues where they will go in, buy a photo, and it will empty their cart.

We're thinking it's something with their session getting destroyed...honestly I'm not sure WHAT is going on with a). We've set the domain on settings.php, and login is SSL'ed (you can't buy products anonymously) and we have turned off "revert to HTTP", so once they're SSL'ed, it's for good.

Any idea what's up? Thanks!

jasonabc's picture
Offline
Uber Donor
Joined: 05/05/2008
Juice: 581
Re: Re: Cart becomes empty upon checkout - HTTP to HTTPS on diff

I've noticed this happening if someone comes in on http://www.mysitename.com. When they checkout - Secure Pages switches them to hpps://mysitename.com (without the 'www.') and the cart contents get hosed.

brad's picture
Offline
Joined: 04/16/2009
Juice: 12
Cart becomes empty upon checkout - HTTP to HTTPS on diff

In your settings.php file, try setting your $cookie_domain like this:

$cookie_domain = '.mysitename.com';

This should work across subdomains.

milkrow's picture
Offline
Joined: 05/13/2009
Juice: 38
Cart is suddenly empty when clicking "your shopping cart"

A client's site was experiencing this same issue and Brad's fix above (thanks Brad) seemed to contribute to the fix. I opened the settings.php file and made the change from "http://mysitename.org/drupal_install" to ".mysitename.org". NOTE that I left off the subdirectory (which may have been a moot issue based on the fix prescribed here). However, what may have been key here is that the $base_URL and $cookie_domain were not the same and, in fact, the client had switched hosts and therefore the install of Drupal was now at the root and not in a sub-directory. So, that inconsistency may have been causing the cart to empty as it struggled to maintain the session. We may not be entirely out of the woods, but for now, the issue appears to be resolved. I hope this extra info helps someone. Thanks again for the great info here.

incrn8@drupal.org's picture
Offline
Joined: 12/09/2007
Juice: 22
Facebook connect

We had the same issue, and disabling Facebook Connect solved it. We had also tried the cookie_domain setting, as well as putting /cart under https. Now if we can just figure out why seemingly random orders stay in Payment Received and don't Complete, we'd be super happy Smiling

Stephanie_42's picture
Offline
Joined: 10/23/2010
Juice: 12
same here

Every now and then users on IE8 lose the session when switching from http to https (I'm using secure pages), and I don't know what's causing it.

In some instances I think that users who visit too frequently are getting tripped up in non expiring user sessions, so I've just changed the default expiry from 23 days to 3 hours. in secure pages i've got both cart/* and cart/checkout* listed as secure, and I'm about the check my cookie base setting as mentioned in this thread.

I'm using crossbrowsertesting.com since i'm on a mac, and everything tests out fine. so i'm not sure where else to look for the error. all i can say is that i'm not thrilled about using secure pages (no offense), I'd like to use an htaccess re-write so i can feel like i have more control but i'm not sure how t do it.

ixlr8's picture
Offline
Joined: 09/28/2008
Juice: 26
Had the same problem

I had the same problem for about a year now, and it's really been bothering me, because I couldn't consistently duplicate the problem.

The issue that I had, I believe stems from some inconsistencies in the session, regarding the domain name. Now I'm not entirely sure how this happens, but I believe that if someone went to http://example.com, adding a product to their cart, and went to the checkout page, they were being directed to http://www.example.com/cart/checkout (note the www). If I manually stripped out the www in the url, the cart was magically restored.

So the simple solution I used was to uncomment the rewrite rules, and redirected everyone to the www version of the url, regardless of what page they were on.

Now I'm not sure how this is going to affect sites with subdomains, but I think as long as it's kept consistent, that should take care of the problem.

awebmanager's picture
Offline
Joined: 11/11/2010
Juice: 57
Can't resolve this problem :-(

I'm setting up a Drupal 6.20 site with Ubercart 6.x-2.4 for one domain on a multisite setup, with SSL installed for the relevant domain only. I'm not using any subdomains. Secure Pages is installed and I'm getting the "hosed cart" problem going from http: to https: described here. (I was referred to this thread after first posting here which has more details.)

I've followed all the tips here for setting the $cookie_domain and matching the $base_url. I've tried doing this in the settings.php file for both the specific site domain and default and it's made no difference. I originally had cart/checkout and cart/checkout/review in the list of pages to be secure but adding /cart didn't fix it - formerly you put an item in your basket in http: and viewed it in your cart and when you went to cart/checkout you got the empty cart message, but adding /cart to the list of secure pages simply means you get the empty cart message as soon as you put something in the cart instead of when you check out.

I've also tried both ticking and unticking "Switch back to http pages when there are no matches" in the Secure Pages settings to no avail.

I am tearing my hair out. It seems my only option is to force the entire site into https: just so that the few pages that need it can run over it Sad

ixlr8's picture
Offline
Joined: 09/28/2008
Juice: 26
Re: Can't resolve this problem :-(

Are you going from http://www.example.com to https://example.com or vice versa? That was the issue I had.

awebmanager's picture
Offline
Joined: 11/11/2010
Juice: 57
Re: Re: Can't resolve this problem :-(

From http: to https: - i.e. product pages are insecure, cart pages are secure.

ixlr8's picture
Offline
Joined: 09/28/2008
Juice: 26
Re: Re: Re: Can't resolve this problem :-(

No. Check to see if you are either losing or gaining your www in the url. http://example.com and http://www.example.com are two different things.

awebmanager's picture
Offline
Joined: 11/11/2010
Juice: 57
Re: Re: Re: Re: Can't resolve this problem :-(

My certificate is set to only work on https://mysite.com The non-secure pages are http://www.mysite.com So I would expect to lose the www in the transfer.

ixlr8's picture
Offline
Joined: 09/28/2008
Juice: 26
Re: Re: Re: Re: Re: Can't resolve this problem :-(

That's the problem right there. Your users are putting things into their cart under www, and checking out without the www.do a rewrite rule to take out all the www's and it should go away.

awebmanager's picture
Offline
Joined: 11/11/2010
Juice: 57
Re: Re: Re: Re: Re: Re: Can't resolve this problem :-(

Stripping out the www in http: works! Thank you so much! I noticed your post above but it didn't register for some reason.

My problem now though is how to do an .htaccess rewrite rule on a multisite setup. The .htaccess file at the root (i.e. in /htdocs) has loads of stuff in it including the bits you un-comment-out to force the redirect, but the .htaccess file in the sites/mysite.com/files folder has only 3 lines in it by default. I've tried copying the rewrite rule lines from the htdocs .htaccess file and pasting them into the mysite file but it hasn't worked. My main domain is myothersite.com NOT mysite.com so I don't think I can do the rewrite for mysite.com in the htdocs version without messing up the installation?

Help!

milkrow's picture
Offline
Joined: 05/13/2009
Juice: 38
Re: Cart becomes empty upon checkout - HTTP to HTTPS on differen

Its been awhile since I looked at this issue, but the pieces and parts above seem to be the stuff a fix is made of:

1. Make sure your base URL and cookie domain settings are correct in settings.php
2. Make sure both the htttp://example.com and http://www.example.com URLs are dealt with in .htaccess? (did I read the posts above correctly?)
3. Make sure sessions are expiring?
I think one of the issues I'd had was related to whether or not authenticated users had logged into the site. If they added to cart, then logged in before checking out, their cart went empty as I recall.

Lastly, on some shared hosting plans, are there .htaccess files that deal with the www vs. no www issue at the root? Just wondering if there is a conflict of statements in separate htaccess files???

Hope this helps. KC

ixlr8's picture
Offline
Joined: 09/28/2008
Juice: 26
Re: Cart becomes empty upon checkout - HTTP to HTTPS on differen
awebmanager's picture
Offline
Joined: 11/11/2010
Juice: 57
Re: Cart becomes empty upon checkout - HTTP to HTTPS on differen

Brilliant, thank you so much Smiling All http://www.example.com pages now redirect to http://example.com, the transition between http: and https: and back is working fine and the cart contents are staying as they should right from beginning to end. Fantastic!

There is only one outstanding problem... As per my original post,when going to https://example.com/cart/checkout, in the "payment method" pane the credit card details form fields don't load - I get the animated "progress" bar which never resolves (screenshot attached). No other panes in the checkout are affected. If I complete all the other (mandatory) fields and then click the "review order" button, the page submits and I get a pink message box at the top saying I need to enter my card details. Now when I scroll down, the credit card fields are all there, and I can fill these in and proceed to review order, confirm and complete.

Any ideas as to how to get the fields to appear first time? As I say it only happens if you go to the checkout in https: (which is essential).

AttachmentSize
credit cards pane problem screenshot.jpg 53.3 KB
tr3online's picture
Offline
Joined: 03/23/2011
Juice: 26
Re: Re: Cart becomes empty upon checkout - HTTP to HTTPS on diff

Sounds like a javascript/ajax compatibility issue. Do you have any javascript/ajax stuff running anywhere else on the page other than the payment form?
I ran into this problem before using some faulty custom javascript.

awebmanager's picture
Offline
Joined: 11/11/2010
Juice: 57
Re: Re: Re: Cart becomes empty upon checkout - HTTP to HTTPS on

No custom scripting - the "calculate shipping cost" section above has the same effect, although it works no problem.

Thing is, if it was a bug in the code or something, surely it wouldn't work at all, rather than only on the first occasion you go to the checkout page? As I say, clicking "review order" gets the fields to load... :-S

peternemser's picture
Offline
Joined: 06/27/2011
Juice: 68
Had this problem... And finally fixed it

Checked the UID = 0, and all of the other things mentioned in this thread.

Well it turns out - that I needed to add the following line to settings.php

$conf['https'] = TRUE;

Its all working great.

-p

wigle's picture
Offline
Joined: 10/01/2009
Juice: 73
Re: Cart becomes empty upon checkout - HTTP to HTTPS on differen

I fixed this by leaving the "Non-secure Base URL:" and "Secure Base URL:" fields empty in the Secure Pages configuration.

hockey2112's picture
Offline
Joined: 05/06/2012
Juice: 169
Re: Cart becomes empty upon checkout - HTTP to HTTPS on differen

Here was my fix: I added the URL chain for my ecommerce pages to the SecurePages "Pages which will be be secure" list. (buy-now and buy-now/*). That way, SSL is triggered as soon as the shopper arrives at a product page, and stays enabled while they are on other pages of the site.