securing checkout in powerstore 3

1. what is the downside of having the entire site in https? I don't see many sites set up this way

2. how do i modify the "checkout button in powerstore 3 to go to https? found solutions in ecart 5 where to create , but can not find where to change the code

3. i have created a subdomain to house the secure pages and apply ssl cert to. Was the the right way to do it?

4. what other pages need to be in the subdomain for ssl?

Since you have created a sub domain for the secure domain, you will run into issues unless you redirect all traffic to the sub domain.


The problem is this:

If you begin shopping at:
www.domain.com

a session cookie is created for that domain, this cookie is used to track the session.


when you direct to the sub domain:
sub.domain.com

this is a different domain, so a new session is started, and a new session cookie is created. The contents of the cart from www.domain.com will not transfer over.

If you direct all traffic from www.domain.com to sub.domain.com you will not run into this issue.


Also, you will not need to modify any of the redirect coding.

I am also curious about what is the best practice on doing this. Would you just add to the index page <?php header("Location: https://yourdomain.com" ?> so that any time the index page is called it would automatically go to a secure page. Would you have to add it to all the pages of your website so if someone enters on another page it would be redirected to a secure connection. Or would you put a permanent forward by the service provided from the index page to another page. Or is their a better more efficent way to enter into a secure environment?

on an Apache server, you would set up an htaccess rule:
http-https-rewriterule-redirect.html


on a windows server, there are other methods:
three_methods_redirect_http_https