Hello all, Firstly, I have to admit that I'm not sure where the fault lies here, but I'm pretty sure it's a server issue, so here goes. I have a shop running on Apache 2 / PHP (actually oscommerce). I am using an external payment gateway to handle credit card transactions. So the user is passed to the payment gateway site, then after processing the credit card, is passed back to my site. The callback address is passed to the payment gateway as part of the transaction. The callback request back to my site is performed via a GET and I can opt to have it made either as a http or https request; the latter obviously being the more desirable as the callback includes some parameters that I want to capture that are of a sensitive nature. If I opt for the callback to be a http request, the transfer works ok; the http request is made on my site, is actually redirected to make it into a https request (by virtue of the PHP application), and the browser displays the "your order has been received" page. No problem with this. However... If I opt to have the callback request as https, it all seems to go wrong - The browser seems to get horribly confused when the callback is made back to my site. The request is made (as far as I can tell, correctly), but the browser still displays the URL of the payment gateway. The little padlock on the browser still has the name of the payment gateway (on Firefox), and only half the "your order has been received" page isrendered. I can continue to move about my site, but _sometimes_ the browser seems to remain very confused (still displaying the URL of the payment gateway and displaying half/broken pages) until I select a non-SSL (http) page, after which it seems to sort itself out. The rest of the time, the browser corrects itself as soon as I select another page (or just refresh the current page).
By the way, when I say 'half a page', I mean that none of the images are displayed. And no, this is not because I'm stopping images being displayed over the SSL connection. It's because the browser is only making a single request per page (ie - not following up any links within the page).
I have tried this with MSIE, Firefox and Safari and the result is the same, so I'm guessing that it's a server issue rather than a browser fault. It's almost as if the browser is not realising that the SSL page on the payment gateway and the SSL page on my site do not use the same keys(obviously they don't). However, it must be making a correct SSL connection to my site otherwise it would not display anything at all. I DO use a different certificate authority to the payment gateway - maybe this has something to do with it, though it suggests a bug if it does.
Even if this were true, I have no idea why the browser would not try and read the images for the page; the html it receives back is exactly the same as any other request and besides a refresh of the page often corrects the problem.
I was wondering if I need to force a SSL renegotiation when the callback page is first displayed but I can't see anything in either the apache config or PHP that might do this (or even if it's the answer). Anyway, PHP doesn't care what type the connection is, so I don't expect to find any answers there. For the record, there are no errors being reported by the browser or Apache or PHP.I have looked about and I have only found one other instance of someone having a similar problem, but no answer was suggested.
If anyone out there can suggest what's going on then I'm all ears. regards, Rich. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|