Although I want people to feel secure when entering credit card information, the https part of the site seems to have a problem. Specifically, when the user is finished with the CBSubs part of the transaction, when they click any link on the site, all links are now HTTPS, not HTTP.
Once switchover is made to HTTPS a user can't switch back without causing a browser security error. They only way to switch back is for the user to manually navigate back to HTTP. Posting from HTTPS and HTTP isn't valid as it will say the user is posting to HTTP and the post data would be insecure. In most cases if you've the certificate it's best to just keep them in HTTPS at all times.
First, I need to switch them back to HTTP. Secondly, it seems that the entire session is not encrypted, and the browser throws a security warning, stating in effect that some parts of the session are encrypted, and some are not. Is it possible to make people feel even better about putting in their credit card info, and make the entire session encrypted? My certificate is valid, and issued for my site.
Please check within CBSubs > Settings > Credit-cards that you've set "User login session on https switchover:" to "Logout user from http on https switchover" and "Credit-Card Form http(s) mode:" is set to "HTTPS (normal secure mode required for normal credit-cards)". This could also mean content you've added to descriptions or maybe a custom button image is configured with HTTP instead of HTTPS.
krileon
