In the older version (2.2.5) we had a choice to allow customer to:
[quote]Keep HTTPS connection once a secure page is visited[/quote]
Is this no longer available? The reason I ask is because for some reason on an XP box I received an error saying something was not secure on the home page.
Hello Clips, there is a bug report regarding this, and I agree that it is a bug… The option to make this choice has been removed, so now it defaults to remaining in https mode once an https page is visited which should not be the default. And yes I have also been seeing the unsecured content error message rear it's ugly head. The bug report looks like more confusion and a lack of understanding that this is actually a problem…
Thanks Struck, I did find onr link here…
http://forum.cs-cart.com/tracker/issue-4878-keep-https-connection-once-a-secure-page-is-visited/
I tried to find something before I posted this but could not find anything.
This is SO CRAZY! Why does it continue to seem more and more that CS-Cart is NOT listening anymore? I am getting so close to giving up on CS-Cart. I am guessing that they want to scare away more and more customers of their customers? Doesn't CS-Cart understand that if they keep screwing up this crap that we won't have money to spend on them and the 15,000 different SaaS that they want to start? Not to mention the huge fees they want to charge you because they decided to “remove” something like this from their software.
I believe they are still listening, just too many releases in too short of a time period for anyone to keep up, as in creating a support monster for themselves as well! 
A prime example is knowing well in advance that the US Postal service was making a change to their API effecting realtime shipping rates, in the past CS-Cart handled these situations very well, however, with this latest January API change, it has still not been updated and is now a serious issue for all US based businesses using USPS (which will be the majority), so this wasn’t handled with enough of a sense of urgency at all this time around. I would hope to only see releases based upon bug fixs in the near future, then hopefully we can all experience some normalcy again! 
We can only hope.
[quote]Why does it continue to seem more and more that CS-Cart is NOT listening anymore?[/quote]
Because it's true?
The majority of cases where I've encountered the “unsecure object” is when someone uses a hard-coded URL that includes the protocol (http://) in a link or (usually) an image src.
So it looks like CS-Cart has confirmed the issue:
http://forum.cs-cart.com/tracker/issue-4878-keep-https-connection-once-a-secure-page-is-visited/
It's just unclear how exactly they are fixing.
I think they stated early on in that thread that they removed the option due to “architectural issues”.
Forcing https after it's been used is a BAD idea and definitely has performance implications. And note that the quantity of data for https is about twice that of http. On a mobile device, this can be devastating.
There shouldn't be any architectural issues since it worked fine before… Oops, maybe there is in SaaS so better break the stand-alone version to support SaaS version.