[FIX] SSL link loops -> timeout
Posted: Wed Jul 15, 2009 2:14 pm
This one cropped up here:
http://www.interspire.com/forum/showthread.php?t=13676
Version
4.0.x - 4.0.9 (not 5.x)
Symptoms
Every time someone tried to create an account or login or went to any of the pages where the secure part of the site should kick in, it went into a loop that never finished. QED: No customers no sales, lots of tears...
Cause
The problem is caused by the host apache setup rewriting the [HTTP_HOST] component in the $_REQUEST headers so that it includes the SSL port "443" as a distinct part of the string instead of leaving it under the [SERVER_PORT] header.
The Interspire Shopping Cart code does some checking of the request or posted URL when it thinks it should be secured but unfortunately it assumes that if the host header is not the same as the host component in the $ShopPath configuration variable then it fails.. This includes if there's a port tagged on the end.
The Solution
http://www.interspire.com/forum/showthread.php?t=13676
Version
4.0.x - 4.0.9 (not 5.x)
Symptoms
Every time someone tried to create an account or login or went to any of the pages where the secure part of the site should kick in, it went into a loop that never finished. QED: No customers no sales, lots of tears...
Cause
The problem is caused by the host apache setup rewriting the [HTTP_HOST] component in the $_REQUEST headers so that it includes the SSL port "443" as a distinct part of the string instead of leaving it under the [SERVER_PORT] header.
The Interspire Shopping Cart code does some checking of the request or posted URL when it thinks it should be secured but unfortunately it assumes that if the host header is not the same as the host component in the $ShopPath configuration variable then it fails.. This includes if there's a port tagged on the end.
The Solution
- Take a backup copy of your existing ssl.php file.
- Replace the lib/ssl.php file with the one attached.
