Secure HTTPS Magento Shopping Cart

Although the shopping cart doesn't contain overly sensitive and private information, some users still feel happier knowing that their cart information is secure. Some analysts have even pondered whether this could increase conversion rates (I don't think it could hurt!). By default, the Magento shopping cart isn't protected by SSL and there is no easy option to enable this in the Magento Admin. Fortunately, it's quite easy to create a Magento extension to achieve this. Let's see how...

Fishpig_CartSecure

We're going to write a small extension that will force Magento to display your cart using SSL (assuming you have set a HTTPS URL as your secure frontend URL). This extension only needs two files, so go ahead and create them.

app/etc/modules/Fishpig_CartSecure.xml

<?xml version="1.0"?>
<config>
	<modules>
		<Fishpig_CartSecure>
			<active>true</active>
			<codePool>local</codePool>
		</Fishpig_CartSecure>
	</modules>
</config>

app/code/local/Fishpig/CartSecure/etc/config.xml

<?xml version="1.0"?>
<config>
	<modules>
		<Fishpig_CartSecure />
	</modules>
	<frontend>
		<secure_url>
			<checkout_cart>/checkout/cart</checkout_cart>
			<checkout>/checkout/cart</checkout>
		</secure_url>
	</frontend>
</config>

For this file, you will probably need to create a few directories found in the path as they most likely don't exist (unless you have already created some of the custom Magento modules we've discussed in our Magento tutorials!).

To get this working, refresh the Magento cache (and recompile the Magento compiler, if already enabled) and browse to your shopping cart! If it isn't working, check that you have enabled SSL URL's for the front end of your Magento site (System > Configuration > Web > Secure > Use Secure URLs in Frontend).

Make Any Magento Page HTTPS

The above extension will force the Magento shopping cart to use your secure URL, but can easily be adapted to force any Magento page to use SSL. To do this, simply add extra entries to the config.xml file you just created, using the same syntax as the checkout_cart option.

3 thoughts on “Secure HTTPS Magento Shopping Cart”

  • Simon Sprankel

    Thanks for the nice tip! Unfortunately, if I change the cart to https, the customer is redirected to the homepage once he deletes an item from the cart. Any idea how to prevent that and let him on the cart page?

    Cheers,
    Simon

    Reply
  • steve snyder

    Nice to hear about this tool, would the SSL certificate installation work despite using any Magento tool? Also why would Magento not include this tool builtin as it is critical for shopping carts.

    Reply
  • Daniel

    Thanks that worked great for me! You are a legend - you just saved my weekend.

    Reply
Leave a Reply