My main site is strictly HTTP://. In an effort to provide customer security while using the shopping cart, I installed an SSL certificate on my domain. When the customer clicks on a buy-now button on the HTTP:// site, it takes them to the shopping cart function, but with HTTPS:// directives.

This looks great, and works fine UNTIL PayPal sends the purchase summary back to the shopping cart url (php page). The sale is processed, properly but the return to the shopping cart page is blocked with a 403 error.

If I send the purchaser to a HTTP:// shopping card system, all works well.

The short of it... Where in the ccdata or php code do I look/change so that the return from PayPal will go to the HTTPS:// page, without getting a 403 error.

http://www.norlightspress.com

Thanks - Vorris

I think those pages and links are stored directly on the PayPal server and cannot be modified. There really is no need to run the shopping cart itself over HTTPS as no information is collected or stored. When the user proceeds to checkout, it switches to https on the PayPal server.

While I agree there is no actual need to have the shopping cart secure, most people expect it from shopping at other sites that are secure. Therefore I, and apparently others, have decided to make SCC pages secure to ease peoples minds. SCC should allow for this since most people feel better shopping on a secure site.

I use Amazon as a good example. They do not run anything on a secure site until you click on the proceed to checkout link.. You can browse, add items to a cart, view cart all under http

Scott,

I agree many different business's will do many different things. That's my point though. Vorris and I both(as do others) think it's an advantage to secure the whole shopping site. People these days are very aware of how important security on the internet is. You and I understand it's not needed on this shopping cart. But there will be a bunch more that will feel better about spending some time shopping on a site that is secure. And it doesn't cost much to do either.
Another example would be the pages I have set up with forms on them that are linked to SCC site. I want people to feel comfortable giving me their info on my forms, so those pages are secure. Since it is linked to my SCC pages I want it to be a seamless transition from form to cart.

Well said Craig. It's all about perception, and gaining potential customers trust. And for those of us who provide services to businesses who want to be nvolved in e-commerce, we need them to trust that we understand their customers fears (even if they may be slightly unjustified). Only then will they trust us. And if our tools don't make it easy to portray that image of security, then we look to tools that can.

Been looking on the forum and I'm not clear on this issue. Will a dedicated SSL certificate work on my site created with SCC or will it just create problems. I can understand that it is not necessary, although I really would prefer not having a "unencrypted" warning pop up after a customer checks out with Paypal and returns to my site. I would guess that many of our ecommerce customers will not be particularly tech-savvy and may be scared off by this kind of warning when they make a purchase. Not sure what to do.

I think that SSL is more of an issue when people input personal details onto a website. Not just financial data, as many folks are also wary of online scammers trying to get personal details off victims to utilise in identity fraud. The reality is however, that a SSL certificate can be bought by anyone for just a few dollars without any background checks, making it all a bit pointless then.

Getting returned to a site that doesn't have SSL is not too much of a major problem, as not every browser throws up a warning message. It used to be just PayPal Express on IE6 that used to do that.

Shopping on any site is all about reassurance that you are physically going to supply goods. Doing things like having a detailed 'about us' page and having clearly defined policies and returns procedures will all help to install confidence in potential purchasers. The folks that are NEVER going to be buying anything off the internet, are usually the ones that don't even have the internet...

Thanks, this makes sense to me. I do plan to have a form on our site that will collect some personal information - name, phone no., recipient name/address, and card message.

I'm not too up to speed on the tech stuff, but when I did a test run of my shopping cart, everything worked great. But when I clicked the link on the Paypal page to go back to my page, up popped a window "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and can easily be read by a third party, etc. etc...." I used Firefox.

I personally wouldn't worry too much about those messages, as most folks just tend to ignore them anyway.