Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: buckworks
Customer browses site over HTTP. Customer enters checkout process over HTTPS. Customer spots something else they need so they click on a link to that product and continues browsing.
Looking at other (big) e-commerce sites, there are basically 2 ways of handling it:
1. Once they are within the checkout process they are HTTPS, so any clicks to another product will also be HTTPS. So they could end up surfing the entire site over HTTPS.
2. Once they enter the checkout process, remove any distracting links. Once they've completed the checkout, then they can be redirected to HTTP to continue surfing.
Option 1 could put an additional drain on resources. And option 2 could miss out on some potential add-on sales.
I suppose I could change all links to be fully qualified http:// during the checkout process but that doesn't seem a very elegant solution.
What is not elegant about that? You have the pages that need to be secure secure, and the ones that are not are not and load faster. To browse over to checkout and just leave the customer on https is well, sloppy. :-)
There is one hiccup you need to consider. If you are using cookies to keep track of cart contents, when you move to https, you need a method of passing some unique identifier and reset a new cookie. Then when you move back to the non-https, you need to do the same thing in reverse. A cookie can only be read from the domain it was originally set on, and when moving back and forth the browser sees them as two separate domains and cookies. It's not that big a deal to do though.
Hope I've explained that clearly!
The cookie stuff is already working, so that's fine.
1) Duplicate content served over https
2) Distractions in the buying process are bad. Once you started checkout (shipping info) your goal is to get a verified payment. If you want to upsale do it at the view cart step or after they add something to the cart which should all be on the http side anyway.
The shopper may receive a "the URL you are being redirected to is not secure" message
This is only true if the immediate action is on a secure server and the server directs to or includes insecure items. That is, if you submit a form then redirect to a non secure page, you will get this message. It will never occur from any link to a non-secure page from a secure page.
Forcing your visitors to browse over https which is often less than half normal speed is pretty annoying.
I think I'm inclined to agree with sandyeggo. I might be missing out on a few extra additions to the shopping cart, but maybe I shouldn't really have any distracting exit points once they've clicked that checkout button. It's hard enough to get them that far after all.
Me too! You've worked hard to get them to click that Checkout button, once they are in, don't let them out! ;)
I've actually ended a few checkout sessions because I was getting carried away with all the "others also bought" distractions. I was there for one thing and ended up with about six things and I finally came to my senses. ;)
Hard code those links all the way. The last thing you want is the bot picking up a whole set of links with https because of relative path references while on https. It happens every day and we see many wondering why their home pages are indexed under https.