I am on a shared hosting account, and would like to use 1 SSL for my small Drupal Commerce sites. My host automatically creates a subdomain under my main account domain for each new domain. (I have seen lots of similar discussions about using SSL, but didn't think they had the same requirements.) For example:

Account domain: accountdomain.com
Addon domain 1: addon1.com
Creates additional subdomain: addon1.accountdomain.com

Another addon domain: yetanother.com
Creates additional subdomain: yetanother.accountdomain.com

And so on. The subdomain points to the same folder as the actual domain.

What I'd like to do is install 1 SSL certificate on accountdomain.com, and redirect all https:// (for logins and checkouts) to the subdomain url (which points to the same paths) so I can get away with one SSL and one IP. It shows the site fine, but causes me to lose my session, if I just type it in manually.

My questions:
1. How can I keep my session going to the different https:// path?
2. How can I set up my Drupal installation to automatically kick the user to the alternative but secure subdomain path?

I really don't want to purchase multiple certificates - I have a lot of pro bono projects collecting donations, and I don't think either of us can eat that cost.

thanks for any help!

Comments

rszrama’s picture

rszrama commented
Status: Active » Postponed

I can't really provide support on this, but you might check out the Drupal forums in general. HTTPS sessions are a broader topic than just Drupal Commerce, so you may find your answer either in the forums or in an issue queue for core or Secure Pages module. I'll leave this open so you can move it to another project if need be. Otherwise, when you find the solution, it'd be great if you could mark this as fixed and provide a link to the setup so other people that happen to search this queue for the answer can find it.

tevih’s picture

tevih commented
Status: Postponed » Active

Would using .htaccess mod_rewrite and mod_proxy still cause me to lose my session? (Don't want to try it or I may end up purchasing SSL for a domain that doesn't need it!)

RewriteEngine on
RewriteCond %{HTTP_HOST} ^http://example.com/checkout/*$
RewriteRule ^https://m.example.com/checkout%{REQUEST_URI} [L,P]

p.s. - the code above may not actually do what I think it should...

rszrama’s picture

rszrama commented
Status: Active » Postponed

I honestly don't know. It simply isn't a problem I've had to work through before; the few sites I've been solely responsible for building were either entirely SSL or non-SSL protected. You really should search the entirety of drupal.org - I'm guessing this question has been answered before. The queue here is specifically for issues pertaining to the code and configuration of Drupal Commerce modules alone.

tevih’s picture

tevih commented

Thanks - this question has been asked, but never answered sufficiently. There's a lot of confusion out there with this topic. I figured this would be a good place to ask people who know.

Thanks for replying.

tevih’s picture

tevih commented

Seemed too complicated. Split up hosting into multiple accounts and migrated the different sites. Mo' $. Oh well.

jason.fisher’s picture

jason.fisher commented

I would use the http://drupal.org/project/login_one_time module with a bit like this:

function mymodule_hook_init() {
  if ($_GET['sendto']) {
    $timestamp = REQUEST_TIME;
    $url = url(
      "login_one_time/" . $user->uid . "/" . $timestamp . "/" .
       user_pass_rehash($user->pass, $timestamp, $user->login),
       array(
         'absolute' => FALSE,
       )
    );
    drupal_goto('https://' . $_GET['sendto'] . '.oursites.com' . $url . '?destination=cart')
  }

}

This will let you make links that look like this:

https://currentsite.oursites.com?sendto=othersite

That then turns into an automatic transfer+login on othersite.oursites.com with a redirect to cart. You could do a similar redirect after confirming the order.

jason.fisher’s picture

jason.fisher commented
Issue summary: View changes

tried to edit for clarity

bojanz’s picture

bojanz commented
Issue summary: View changes
Status: Postponed » Closed (outdated)