I have a ssl and it seems to be working, but not correctly. My M5 storefront shows the secure (padlock) at the bottom, but none of my other pages show it. I'm also getting the "secure and non secure items" warning on only some pages. I had my host set it up so no matter what you type for an address (http, www, or https) it always goes to https. This is what they told me

(This is regarding the SSL issue on your account. I just did
some minor modification, so now the whole site is opening
securely. There is no way to have only part of it secure,
since it has been set up with a frame redirect. The actual
store was opening securely before, but since the address
stayed the same it didn't show. Now it does, everything
opens with "https".)

www.eastcoastcollectibles.net (http://www.eastcoastcollectibles.net)

Thanks

Why are you running your store inside a frame of a different domain? I think you're going to have no end of problems getting things to work reliably in that configuration.

You should always search the forums before posting - this has been addressed several times.

http://extranet.miva.com/forums/showthread.php?t=5497&highlight=secure+non-secure

Even better word to search would be frames

http://extranet.miva.com/forums/showthread.php?t=474
http://extranet.miva.com/forums/showthread.php?t=429

I've seen attempts made using frames and it's cumbersome because the whole frameset needs to be https - then you run into even more issues.

I have searched the forums and found nothing, but i searched through security problems.
I had no idea that my store was using frames, as I am new to this all.

Yep, it's framed within <frame src="https://eastcoastcollectibles.net/mm5/merchant.mvc" name="mainFrame" > but there doesn't seem to be a reason for that; then the store runs on <base href="https://pro34.abac.com/eastcoast/mm5/"> which is going to cause cookie/basket problems when people are shopping.

but there doesn't seem to be a reason for that;

Frame hosting? But no info to support that theory...

Frame hosting? But no info to support that theory...

Not sure what you mean? The frame code I pasted is from the site's index page which sets up the framing; then the store runs on the different URL that I posted the code from. So the store is running on one domain inside a frame while the frame makes the URL bar show something else; this is where you run into problems with cookies being accepted since the store will be sending them on a domain other than what the browser thinks it is currently on.

Frames and e-commerce don't mix.

In fact, they are downright evil!

Besides the security issues, you'll wind up with issues with empty baskets, shoppers losing their logins, etc.

Then you have the secure vs. insecure items issues.

Ditch the frameset.

I second that, Frames and MIVA Merchant do not play together at all.

Its not just MIVA Merchant. Frames are often misunderstood and quite over used.

If not coded 100% correctly, they will wreak havok on debugging security issues. So my opinion, is just say NO (Nancy Regan would be proud of me) to Frames in e-commerce designs!

I have a ssl and it seems to be working, but not correctly. My M5 storefront shows the secure (padlock) at the bottom, but none of my other pages show it. I'm also getting the "secure and non secure items" warning on only some pages. I had my host set it up so no matter what you type for an address (http, www, or https) it always goes to https. This is what they told me

(This is regarding the SSL issue on your account. I just did
some minor modification, so now the whole site is opening
securely. There is no way to have only part of it secure,
since it has been set up with a frame redirect. The actual
store was opening securely before, but since the address
stayed the same it didn't show. Now it does, everything
opens with "https".)

www.eastcoastcollectibles.net (http://www.eastcoastcollectibles.net)

Thanks

Hi:

I'll explain from a different direction.

First, there's no need for the site to ALWAYS load in secure mode (https://) - all that does is slow down the site and require more server resources. The reason the host did this was likely due to the frames (frames allows site pages to run "inside" other pages). From looking at your site, they aren't even serving a purpose.

In short, following suit with everyone else, get rid of the frames.

Once you get rid of them, make sure to change the domain settings so only the necessary pages run in secure mode. If you still get alerts on secure pages, those will likely be do to image calls.

Frames - just dont do it .......... I can think of more than a dozen reasons.... why why why ???????? The horror!

Ok, iget it, ditch the frames. Until yesterday I thaught a frame was a good place for a picture. When I made the site all I did was use the MIVA wizzard. Is the frame thing done by my host (aplus.net) and are they the ones to get rid of them. If not, is there info in the forums or help files to do it myself.


Thanks all,

sounds like aplus problem

sounds like aplus problem

Yeah, sounds like this wizard is doing some kind of install for you that runs your store on an aplus url but hides it within your own url.

That depends on how you actually designed the site. If you used some sort of webhost provided HTML design too, that could have created the frames.



Ok, iget it, ditch the frames. Until yesterday I thaught a frame was a good place for a picture. When I made the site all I did was use the MIVA wizzard. Is the frame thing done by my host (aplus.net) and are they the ones to get rid of them. If not, is there info in the forums or help files to do it myself.


Thanks all,

I used the wizzard that is built into MIVA 5 to buid the store.

I used the wizzard that is built into MIVA 5 to buid the store.

No, that's okay, the frames thing is something that has been done outside of Merchant; maybe through some aplus installation script.

So I should contact them and have them get rid of the frames. Will I have to rebuild my store after?

So I should contact them and have them get rid of the frames. Will I have to rebuild my store after?

No, store should remain as-is. If you want, private message me your email address and I'll send you some possibilities to just redirect your incoming traffic to the Miva Merchant store outside of the frames and the settings you'll need to adjust to make Merchant run on your domain.

I meant the overall HTML of the site.

However, sounds like David is correct. They wouldnt be the first host (nor likely the last) to tinker with the admin to do something it shouldnt :)

Ok, sounds good. I am finding that I am having to learn to do alot that I would have expected aplus.net to be doing. Should I first try to get them to fix the frames issue before attempting it myself?

Ok, sounds good. I am finding that I am having to learn to do alot that I would have expected aplus.net to be doing. Should I first try to get them to fix the frames issue before attempting it myself?

Actually, the host shouldn't be responsible for setting up the store other than simply putting the appropriate files. Unless you're paying them to build it for you...

They should be responsible for how it is being veiwed from their server though, Frames or not?

They should be responsible for how it is being veiwed from their server though, Frames or not?
If you did not put the frameset in, I would definitely confront the host to see where it did come from. If they actually set the site up this way, there are major issues with that.

I don't think I did, all I did was build the store using the MIVA 5 wizzard.

Have to go, I will check back tomorrow.

Thanks all for the help.

They should be responsible for how it is being veiwed from their server though, Frames or not?

Maybe, maybe not. If you put the content up yourself (did you use an HTML editor?) then they should NOT be liable. If THEY put it up, then perhaps, unless they put up what you requested.

If the Wizard itself did this, then it's MIVA's responsibility.

I might add that you shouldn't be using the wizards anyway. They are very limited in what they do and they won't help you "learn" how to run your store.

If the Wizard itself did this, then it's MIVA's responsibility.
I just don't see a stock MIVA Wizard installing a frameset. If the user did not install the frameset, I would look to the host next.

The problem is solved, Dave helped me through it. Thanks all,