My Sites

dotProject
SharedFiles.me


SocialTwist Tell-a-Friend
facebooklinked_intwitter

Translate

English Afrikaans Albanian Arabic Chinese (Simplified) Czech Danish French German Italian Japanese Portuguese Russian Spanish
TimKrause.info Main Feed

 
PDF

Securing Login with SSL

User Rating: / 0
PoorBest 
Joomla FAQs - Troubleshooting
View Comments

I recently purchased and installed a SSL certificate, and enabled SSL for both the public and administrative sides of my Joomla! 1.5 site.

I tested both quickly by changing the URL to https instead of http and everything seemed to be fine.When I login to the administrative backend the URL automatically changes to https. Perfect. The front-end of the site doesn't. I researched possibilities for rewriting the URL using the .htaccess file. I couldn't really find anything that worked.

With a significant amount of additional research, I finally came across a posting here that solved the problem, with a little bit of additional clarification which I offer below:

  1. Edit the module that you use for login; in this example, I use CB Login.
  2. Change the parameter that manages whether login is secure, or not:
    https_login

There are three options. In the example above, I'm using use https (encrypted) for login and after login. My assumption is that if someone chooses to login, that activity should not only be secure, but so should everything after login.

The other options:

use https for login then same as page

use same as page

These options may work better given your circumstances. Because I can't find a way to force the front-end to be secure, the option above works best for my site at this point. Stay tuned if I learn more.

Jan. 31, 2010 - I ran into one additional item and finally had an opportunity to research it. VirtueMart started telling me that I had cookies disabled. The only thing that I could think of that had changed was the installation of the SSL certificate. In researching the problem, there have been a number of developers reporting the same problem; unfortunately, almost all of those requests for help have gone unanswered.

The suggestion that seemed the most likely is that VirtueMart's configuration requires you to provide the URL for both the secure and non-secure (if any) sections of the site. I knew that I hadn't made that change. In my first attempt to fix the problem, VirtueMart's administrative control panel would log me off. First, I had to disable SSL on the site, then adjust VirtueMart's paths, and then re-enable SSL.

blog comments powered by Disqus
back to top
Last Updated on Sunday, 31 January 2010 13:29
 
 
 
 
Joomla 1.5 Templates by Joomlashack