When is it right to HTTPS????

[mikie]

Iv defined https in whmcs

Iv defined https in Kayako

 

But why do my links change to https when im not logged into the dashboard?

 

There is no reason for it and it does nothing but slow down the system.

 

I dont get it. Up until i click on CLIENT AREA all is fine. Then once im at the login prompt all links are defined as https on the page whether im logged in or not. Then if i dont login all the rest of my links are loading https no matter what i click.

 

This cant be right. Please offer a solution. The only https sessions should be inside, logged in and even there only for sensitive information and not for everything.

[m8internet]

The URL is set in three parts of the WHMCS General Settings

It will only be http if you set the Domain Name as https but the WHMCS System URL as http

[mikie]

What do you mean?

 

I have a theme integrated which uses whmcs and its all in the root of the site. Not http://domain.com/whmcs/

 

But https should not be active on user created pages and anywhere where its not needed. I mean, AWBS is a prefect example. You define https links in the template when you want them to be https. Are there any system variable that define https? Just because someone visits the clientarea it should not mean that the links in the header and footer for pages like Privacy policy etc need to be loaded that way. What worst yet, when i log out of the client area i continue to see https on every link with pages that fail to load properly because images are not being displayed in a secure manner.

 

This is a terrible design. Im shocked that its been bought up before. So those people who are running WHMCS with an integrated theme have to deal with it?

[m8internet]

Check the Admin General Settings page

If you want to avoid https on all pages, then change the Sytsem URL to http

When Clients logout or visit pages that do not need to be https then they won't be

 

If you have set the main Domain Name as https, then when clients logout they will be sent to the https

[mikie]

The solution to fix it is to define absolute paths for all your links. That way your header and footer links dont look like https://domain/tos.php when you hover over them even when your logged into the clientarea. Duh! I should have noticed this earlier.

 

Thanks

[allenb]

This code here will help you.

 

Each Order like can be http://order.tld then server will auto kick the user to https://order.tld No buts always on a secure site.

 

 

 

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://Your_DOMAIN/WHERE/$1 [R,L]

[WebsiteIntegrations]

What do you mean?

 

What worst yet, when i log out of the client area i continue to see https on every link with pages that fail to load properly because images are not being displayed in a secure manner.

 

This is a terrible design. Im shocked that its been bought up before. So those people who are running WHMCS with an integrated theme have to deal with it?

 

well most people would do a proper integration and include the images and such as part of the actual theme and not link to them from outside whmcs (granted I've done like 400 or so whmcs themes so its 2nd nature to me to do it properly )

Edited March 26, 2011 by wwesn