View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002545||OXID eShop (all versions)||4.08. Cache||public||2011-02-21 19:27||2015-09-04 08:52|
|Product Version||4.4.6 revision 32697|
|Target Version||4.6.6 revision 54646||Fixed in Version|
|Summary||0002545: Login from homepage gives cached non-ssl page and produces browser warnings|
|Description||With caching enabled in OXID eShop EE a login from the shop homepage will lead to a browser warning window message in MSIE8 about "mixed content" / "insecure elements".|
This is because a login always leads to an https:// URL with SSL enabled.
However, the page which the user is being redirected to is often loaded from the cache backend instead of being genereated freshly. The cached copy comes often from a non-SSL URL, so all <img src>-tags for dynamic images are loaded from the non-SSL image-URL as well.
|Steps To Reproduce||You can see that pretty good, when you first clear the cache and open your shop homepage with https:// -- then this copy with all the <img src>-tags leading to https://-pathes for all images is stored to the cache.|
If you then open the homepage with http:// without SSL, still all <img src>-tags are https:// - which of course is unneccessary then.
The other way round, of course, it's even worse - because users will receive the browser warning message for mixed content.
|Browser||Internet Explorer 8.x|