SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Evangelist
    Join Date
    Feb 2006
    Posts
    426
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    https to http causes security dialog box to come up?

    I'm setting up authorize.net SIM with my shopping cart. Just submitted a test transaction and everything worked perfectly EXCEPT when being redirected back to my cart to show the order confirmation, the security dialog box came up with the "do you want to proceed" yes or no thing in IE. My checkout pages on the cart are not https because I'm not collecting any credit card data. Why is the dialog box coming up? Does the very act of going from https to http cause this? Is there a fix?

  2. #2
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    16,447
    Mentioned
    160 Post(s)
    Tagged
    1 Thread(s)
    What's to correct? It sounds like it's working as it should. You are going from a secure page (https) to a non-secure page (http) so the alert box is appropriate. Don't most users understand this and take it in stride?

    The only way to avoid the alert is to not go from a secure page (not a good idea), or to continue on to another secure page.

  3. #3
    SitePoint Evangelist
    Join Date
    Feb 2006
    Posts
    426
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This does not seem right though. I don't recall the dialog coming up in the past when going from https to http. Someone else just tested it for me in Firefox and said there were no dialog boxes coming up. It must be an IE thing. If I go ahead and get an SSL for my checkout pages, it will eliminate the problem, but then if they leave the order confirmation page to go some place else on the site, won't it just happen again?

  4. #4
    SitePoint Guru
    Join Date
    Dec 2005
    Posts
    982
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If the customer is on a https:// page and *clicks* on a http:// link, there will be no security box. However, ff you redirect a customer from an https:// page to another http:// page, then there will be a security box because the browser is warning the customer of a change in security that they didn't request. I believe forms will also cause a security box because the url is not obvious to the customer, but I am not 100% sure on that.
    MySQL v5.1.58
    PHP v5.3.6

  5. #5
    SitePoint Evangelist
    Join Date
    Feb 2006
    Posts
    426
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ah thanks for clearing that up. There is no click taking place. As soon as I click the submit button, it happens quite fast and the user is directed back to the site. I suppose the only way to get around this is to use SSL for the checkout pages?

  6. #6
    SitePoint Guru
    Join Date
    Dec 2005
    Posts
    982
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Use SSL for any page that has sensitive information being sent. All of the links on that page that lead to non-sensitive pages (such as the home page) can be http:// links. This won't cause any red flags and won't put the extra burden on the server to encrypt every page.
    MySQL v5.1.58
    PHP v5.3.6


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •