Ubercart

Hi, thanks for the question

Firstly just to say my web host installed the secure certificate a few weeks back for the domain https://mysite.com and this works fine, i.e. if you go to any https: url without Secure Pages being enabled, you stay in https: the whole time, and likewise if you go to www.mysite.com you remain in non-secure mode the whole time.

I don't know if this is relevant but I have a multi-site setup, with three domains that point to their own Drupal sites on a shared hosting. Under /public_html/ I have these folders:
/sites/all (where the shared codebase for all sites lives)
/sites/mysite.com (the one in question)
/sites/default
/sites/mymainsite.com
/sites/myothersite.com

The SSL certificate is only installed for mysite.com and I have no other certificates installed on the server.

Some of the posts I've read on the Secure Pages module talk about changing settings in .htaccess and settings.php. Again don't know if it's relevant but the only difference in the settings.php file in the mysite.com folder and the one in the default folder is that in mysite.com I don't have any base URL set, while for default I have the base URL set as http://www.mymainsite.com The .htaccess file in all the site folders is the same as far as I can see.

Anyway, if I enable the Secure Pages module whilst in mysite.com, my setup is:
Secure Pages - enabled
Switch back to http pages when there are no matches - ticked
Non-secure Base URL: http://www.mysite.com
Secure Base URL: https://mysite.com
Make secure only the listed pages:
node/add*
node/*/edit
user
user/*
admin
admin/*
cart/checkout
cart/checkout/review
Ignore pages:
*/autocomplete/*
*/ajax/*

I use Firefox to do the admin for my site and IE to test as a public user. When testing the secure pages I get different results in the different browsers as follows:
1) If I open a new browser session in IE and am not logged in, I put a product in my basket in non-secure mode, but when I navigate to either http://www.mysite.com/cart/checkout or https://mysite.com/cart/checkout I just get taken back to http://www.mysite.com/cart and can never get to the checkout page.
2) If I open a new browser session in FF and am not logged in, I can get to the checkout page, but only because I get logged in automatically somehow when navigating to https://mysite.com/cart/checkout

In the latter case, even though I am now in the secure checkout page, the "payment method" pane breaks - I get the animated zig-zag bar thing which you get when the system is processing something, but it never resolves, so I can't enter any credit card details. If I click "review order" though, the checkout form page reloads with a message saying I haven't entered any card details - but this time the credit card pane is OK. I enter the card details and can then click through to review the order and submit and get a "your order has been processed!" message. However, if I then go back to the cart, I get these problems:
1) the product I "bought" is still in the cart
2) I get neither a customer order confirmation email or an admin confirmation email (which both work fine when not trying to use the secure pages process)
3) if I check "my orders" the order doesn't show up
4) if I check all orders as admin, the order has been created but is flagged as "in checkout". (This I suppose is what's happening in the logged-out IE session where I can never get past the cart page.)

I confirm that if I disable the Secure Pages module and follow the entire order process in *either* secure or non-secure mode (i.e. without switching between the two modes during the process), as *either* an anonymous user or as admin, the order is processed normally without any issues at all.

Frustrated!

Cheers for the link - sadly though I've tried everything on that thread and am back to square one. I've posted back to that thread to see if anyone there can help: http://www.ubercart.org/forum/support/10429/cart_becomes_empty_upon_chec...

Often this is caused by using absolute paths to elements in the page, frequently images - this means it's loading them from the http:// address and that'll give you the unsecure content warning. Try and find out what the unsecure content is.