Cart is empty after being transferred from HTTP to HTTPS part of the shopping cart

Cart is empty after being transferred from HTTP to HTTPS part of the shopping cart

If you notice the following issues on your shopping cart:

  • Cart is empty after being transferred from HTTP to HTTPS part of the site.
  • Item added while on HTTP part of the site will not appear on the HTTPS page and vice-versa.
  • For example : Item XYZ added while on http://www.myshoppingcart.com will not appear on https://www.myshoppingcart but will continue to appear on the http part of the page.

There are 2 possibilities that may cause these issues. Below are the explanation and also the workaround.

1) Shared SSL

The easy way to see if you are running shared SSL is to check the domain name of the HTTPS page. If the full domain name is different from your shopping cart domain, your are almost certainly running on Shared SSL certificate.

For example : :

http://www.myshoppingcart.com -> https://secure.mywebhost.com/myaccount (This is SHARED SSL)

http://www.myshoppingcart.com -> https://www.myshoppingcart.com (This is DEDICATED SSL)

VP-ASP does not support shared SSL and will not work properly with it. When the customer is being transferred to the secure area, the web browser will use a new session ID due to the different domain name and thus the references to the previous session will be lost.

If you do require an SSL certificate, we highly recommend you to use a dedicated SSL certificate. You may need to check with your hosting to provider to ensure they allow dedicated SSL on your account.

2) IIS setting "New ID on Secure Connection (keepSessionIdSecure)" is enabled.

If you have a dedicated SSL installed but still having the same issue, your sever may have the IIS option "New ID on Secure Connection (keepSessionIdSecure)" enabled.

If this is the case, a separate session ID will be used for the HTTPS page and the cart will not be able to access the old session that hold the content and the cart and thus you will experience "Cart is empty" issue.

To resolve this, you will need to disable the option "New ID on Secure Connection (keepSessionIdSecure)" which can be found on IIS -> ASP -> Session State configuration folder.

 

Smiley face

Smiley face

Alternatively, you could also create a web.config file with the following content:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.webServer>
<asp>
<session keepSessionIdSecure="false" />
</asp>
</system.webServer>
</configuration>


Times Viewed:
11028
Added By:
Frank
Date Created:
3/23/2010
Last Updated:
8/15/2017