We have been running CE version 184.108.40.206. The issue is when switching from http://... to https://..., when for example checking out.
Under http:// I can select a product to purchase and add it to the cart with no problems. However if I switch from http:// to https:// the cart is now empty. If I go back to http:// there is an item in the cart.
I have searched for causes and check most of them The server date/time is correct.
Today I upgraded the site and database to CE 220.127.116.11 and the problen with HTTP/HTTPS is still there.
It also happens when logging into admin where if I login as HTTP:// and switch to HTTPS:// I am put back to the admin login page again.
Any help/ideas much appreciated.
Go to the Magento Admin, System -> Configuration -> Web.
There you have two section where you have to pay attention:
- Session Cookie Management
- Session Validation Settings
All those settings affect you possibility to keep cart content during switching from http to https, and vice versa. For beginning, you can try to set Cookie Domain and Cookie Path to empty values, and Use HTTP Only to "Yes". Clear the cache and check how it works.
Also, Session Validation Settings affect ability of your Magento to recognize if Customer who uses session is hacker (man-in-the-middle) or not. Depending on your HTTP/HTTPS service, there may be an issue about forwarding or setting some of those fields. Try different combination, for example use only "Validate REMOTE_ADDR".
Let me know if you solved the issue.
Have you considered running everything in your store from HTTPS? It will prevent your store from losing sessions. And after Feb 1 this year, it's pretty much mandatory for all websites anyway because Chrome and FireFox browsers will show "connection is not secure" warning to your visitors in the store and not many people will want to buy something in the store which shows that message.
You can find more details on my article here: Fully Secure Store is not Optional Anymore
if it's setup properly, your store will be even faster running from HTTPS and search engines and your customers will be happy = more sales.
Hope this helps.
"if it's setup properly, your store will be even faster running from HTTPS".
This is not true. HTTPS has overhead because of handshaking, especially initial handshaking which can be pretty slow. With HTTP/2 those differences are smaller, and in a majority of use cases, they will be insignificant.
It's a good point about HTTPS that is better to go over HTTPS (and to utilize HTTP/2) because of browsers and Google search engine started to force merchants (and other site owners) to do the same.
Yes, i agree with you - everything else being equal, http will be faster than https.
but the point I was trying to make was: if when we compare the performance of a store running from HTTP on a server without HTTP/2 and ALPN support and the same store running from HTTPS on a server with HTTP/2 and ALPN support, we see a significant improvement.
this is what I mean by "setup properly" so people do not just go and switch store from HTTP to HTTPS which will just slow them down by 30% or so.
Is their any way we can set up (Secure & HttpOnly) attribute on all cookies in magento 1?
Have you thought about running everything in your store from HTTPS? It will keep your store from losing meetings.