the webassist/plugins/shopping_cart/chceckout_form.php page should have the following code to detect the SSL server and redirect for the checkout process:
if ((empty($_SERVER['HTTPS']) || $_SERVER['HTTPS']=="off") && !isset($_POST["Checkout_x"]) && !isset($_POST["Checkout"]) && (time() - $_SESSION['WA_HTTPS_Redirect']) > 8) {
if (!isset($_SERVER['REQUEST_URI'])) $_SERVER['REQUEST_URI'] = $_SERVER['PHP_SELF'];
$testRedirect = "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $testRedirect);
curl_setopt($c, CURLOPT_TIMEOUT, 90);
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 0);
$result = curl_exec($c);
if ($result) {
$_SESSION['WA_HTTPS_Redirect'] = time();
header("location: ".$testRedirect);
die();
}
}
or you could use an mod rewrite to force the entire store to use ssl:
force-ssl-htaccess.html