View Issue Details

IDProjectCategoryView StatusLast Update
0002545OXID eShop (all versions)4.08. Cachepublic2015-09-04 08:52
Reporterhenrik.steffen 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionduplicate 
PlatformallOSallOS Versionall
Product Version4.4.6 revision 32697 
Target Version4.6.6 revision 54646Fixed in Version 
Summary0002545: Login from homepage gives cached non-ssl page and produces browser warnings
DescriptionWith caching enabled in OXID eShop EE a login from the shop homepage will lead to a browser warning window message in MSIE8 about "mixed content" / "insecure elements".

This is because a login always leads to an https:// URL with SSL enabled.

However, the page which the user is being redirected to is often loaded from the cache backend instead of being genereated freshly. The cached copy comes often from a non-SSL URL, so all <img src>-tags for dynamic images are loaded from the non-SSL image-URL as well.


Steps To ReproduceYou can see that pretty good, when you first clear the cache and open your shop homepage with https:// -- then this copy with all the <img src>-tags leading to https://-pathes for all images is stored to the cache.

If you then open the homepage with http:// without SSL, still all <img src>-tags are https:// - which of course is unneccessary then.

The other way round, of course, it's even worse - because users will receive the browser warning message for mixed content.

TagsCache, HTTPS
ThemeBoth
BrowserInternet Explorer 8.x
PHP Versionany
MySQL Versionany

Relationships

duplicate of 0004798 resolvedaurimas.gladutis Dynamic Content Cache doen't take SSL into accout for Cachekeys 

Activities

henrik.steffen

2011-02-21 19:44

reporter   ~0004150

Last edited: 2015-09-04 08:51

View 2 revisions

See warning messages for instance in the EE oxid eshops:

zooroyal(dot)de
store.gravis(dot)de
www.koffer-direkt(dot)de

Edit by Michael Keiluweit: Changed the links on demand, therefore they aren't indicated anymore.