Authentication and Shared SSL – nopCommerce
Something I do not understand with the shared SSL and how it could work
the nopCommerce installation is running as http://www.myshop.com
I want to use a shared SSL: https://myshop.myhost.com
(this is not a directory but a proper certificate installed in IIS)
I create a website in IIS 7 / win2008 and do the following binding:
after installing a certificate for myshop.myhost.com in IIS
I can navigate to both with no problem
In nopCommerce global settings I have :
use SSL + shared SSL = https://myshop.myhost.com
Now if I navigate in the website
When I hit Login: it goes to https://myshop.myhost.com/Login.aspx
If I login it authenticates me for the domain myshop.myhost.com
Then I am redirected to the non SSL page: http://www.myshop.com
This is not the domain for which I am authenticated, the authentication cookie would not work, so I am not logged in!
So basically that cannot work in this configuration
The only way it to have a non shared SSL where both SSL and non SSL domain are the same, so i am authenticated in both.
Any viewpoint on this?Try this link.
http://weblogs.asp.net/scottgu/archive/2005/12/10/432851.aspxActually. If its just a sub domain.
i.e you have shop.myhost.com and www.myhost.com you can do as below
thank you for the information, it was helpful.
The subdomain modification is working well
But I think that if we use different TOP domains for the shop and the shared ssl, then there is no simple solution.
The browsers themselves are persisting cookies per domain, so I would only be able to share cookies within the same top domain... so we would need to generate 2 authentication cookies within the same application