Knowledgebase
Home » Item #998
Cannot access back end or checkout after setting 'usesecurearea' config setting
Question
I set the 'usesecurearea' config setting in my CactuShop back end and now I cannot access the back end or the checkout on the front end. Why? What can I do to resolve this?
Answer
The 'usesecurearea' config setting ensures that the checkout pages and the back end are forced to https (SSL - secure sockets layer), so that the connection between browser and site is encrypted. This provides an extra layer of security, and is required if using a payment method where card details are entered directly into CactuShop rather than at a remote payment gateway's secure payment form.
However, in order for this to work, your site *must* have a secure certificate setup for the domain your site uses. If it does not have a suitable secure certificate in place, accessing any page with https will cause a server error to be displayed.
We therefore advise that before you set the 'usesecurearea' config setting in the back end of your CactuShop, you check that SSL is working correctly by calling your site with https instead of http. For example:
https://www.demo.xyz
If this is working, CactuShop will bounce the browser to http://www.demo.xyz (not secure) and you will see your web site home page. If SSL is not setup and working properly, you will see a server error like a 'Page cannot be displayed' or 'The connection to [website URL] has terminated unexpectedly. Some data may have been transferred.'
Similarly, using a secure certificate obtained for another domain with your site will generate a browser security warning - it will not work by default. This is the whole point of SSL - a secure certificate is a forgery proof document issued by a trusted authority to say that the site is operated by the organization or individual listed on the secure certificate. Browsers will not trust sites using certificates issued for another site, with good reason. It is technically possible to force your browser to accept the certificate, but your customers will not. They will see a nasty security error and bail out at this point.
So in summary, if you want to set your site to use SSL with the 'usesecurearea' setting, you must have a secure certificate installed for the domain itself, and verify that it is working.
If you set the 'usesecurearea' config setting without having working SSL, you will lock yourself out of your web site back end, since CactuShop will try to use https but your site does not support it.
Fixing the issue
The only way around this is to change the 'usesecurearea' config setting (tblCactuShop1Config table) directly in your database. In MySQL or MS SQL you can do this to the live db directly. For an Access database, you will need to download your web site database file to a local machine, open it in Access, change the 'usesecurearea' config setting back to 'n', then upload this db back to your web site.
Once you have made the database change, you will need to force the site to refresh the config settings. To do this, pass 'appvar=reset' to any front end page, for example:
http://www.demo.xyz/default.asp?appvar=reset