homepage Welcome to WebmasterWorld Guest from 54.198.42.105
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
Handling HTTPS to HTTP during checkout
groovyhippo




msg:3424513
 9:53 am on Aug 17, 2007 (gmt 0)

How do you handle the following HTTP/HTTPS situation on your e-commerce sites?

Customer browses site over HTTP. Customer enters checkout process over HTTPS. Customer spots something else they need so they click on a link to that product and continues browsing.

Looking at other (big) e-commerce sites, there are basically 2 ways of handling it:

1. Once they are within the checkout process they are HTTPS, so any clicks to another product will also be HTTPS. So they could end up surfing the entire site over HTTPS.

2. Once they enter the checkout process, remove any distracting links. Once they've completed the checkout, then they can be redirected to HTTP to continue surfing.

Option 1 could put an additional drain on resources. And option 2 could miss out on some potential add-on sales.

I suppose I could change all links to be fully qualified http:// during the checkout process but that doesn't seem a very elegant solution.

 

rocknbil




msg:3424523
 10:20 am on Aug 17, 2007 (gmt 0)

Your last is correct - what you want to do is on any page that is on https, alter all links that go back to general shopping to be the full URI to non-https. If your checkout template is a single file (which it should be) this is an easy deal. I don't think taking away links to simplify your problem as a developer is a good idea as far as the customer is concerned.

What is not elegant about that? You have the pages that need to be secure secure, and the ones that are not are not and load faster. To browse over to checkout and just leave the customer on https is well, sloppy. :-)

There is one hiccup you need to consider. If you are using cookies to keep track of cart contents, when you move to https, you need a method of passing some unique identifier and reset a new cookie. Then when you move back to the non-https, you need to do the same thing in reverse. A cookie can only be read from the domain it was originally set on, and when moving back and forth the browser sees them as two separate domains and cookies. It's not that big a deal to do though.

groovyhippo




msg:3424640
 1:13 pm on Aug 17, 2007 (gmt 0)

By not elegant, I mean that in my included header and footer files it will no longer be as simple as having references like /images/box.gif. I will have to check the $_SERVER value (in PHP) and then all my links will have to be $protocol/$domain/images/box.gif even if $protocol and $domain are empty.

Hope I've explained that clearly!

The cookie stuff is already working, so that's fine.

sandyeggo




msg:3425135
 9:09 pm on Aug 17, 2007 (gmt 0)

Option 2 is better for a few reasons.

1) Duplicate content served over https
2) Distractions in the buying process are bad. Once you started checkout (shipping info) your goal is to get a verified payment. If you want to upsale do it at the view cart step or after they add something to the cart which should all be on the http side anyway.

jwolthuis




msg:3426271
 8:08 pm on Aug 19, 2007 (gmt 0)

Option 1 is better. The shopper may receive a "the URL you are being redirected to is not secure" message when you try to switch back to HTTP. Also, the "drain on resources" caused by SSL is minimal.

rocknbil




msg:3426650
 10:00 am on Aug 20, 2007 (gmt 0)

The shopper may receive a "the URL you are being redirected to is not secure" message

This is only true if the immediate action is on a secure server and the server directs to or includes insecure items. That is, if you submit a form then redirect to a non secure page, you will get this message. It will never occur from any link to a non-secure page from a secure page.

Forcing your visitors to browse over https which is often less than half normal speed is pretty annoying.

groovyhippo




msg:3427181
 7:16 pm on Aug 20, 2007 (gmt 0)

I think I'm inclined to agree with sandyeggo. I might be missing out on a few extra additions to the shopping cart, but maybe I shouldn't really have any distracting exit points once they've clicked that checkout button. It's hard enough to get them that far after all.

pageoneresults




msg:3427187
 7:21 pm on Aug 20, 2007 (gmt 0)

I think I'm inclined to agree with sandyeggo. I might be missing out on a few extra additions to the shopping cart, but maybe I shouldn't really have any distracting exit points once they've clicked that checkout button. It's hard enough to get them that far after all.

Me too! You've worked hard to get them to click that Checkout button, once they are in, don't let them out! ;)

I've actually ended a few checkout sessions because I was getting carried away with all the "others also bought" distractions. I was there for one thing and ended up with about six things and I finally came to my senses. ;)

Hard code those links all the way. The last thing you want is the bot picking up a whole set of links with https because of relative path references while on https. It happens every day and we see many wondering why their home pages are indexed under https.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved