Links on Secure pages redirect to the homepage

I wonder if anyone else is experiencing this problem in v3 (or is it a server configuration problem):

The customer can’t visit ANY non-secure pages from the secure pages.

When SSL is enabled for checkout, but not kept once the secure page is visited, the links to pages and products are all redirected to the homepage. (Not a 404 & not the page requested)

It would be nice to be able to use a secure cart/checkout process and not have to run the entire store over https after one view of the cart.


From the cart page, this link:


Should end up here:


But ends up here:


config file is set up the same as in ver 2.

Works fine for me. I see you are using product-name.html and therefore have SEO enabled - in which case, if you enabled “show language in the URL” and you hadn't cleared the cache then your links would still be /product-name.html and from the secure site this does take you straight to the home page of the non secure site (the links should be, for example, /en/product-name.html for english).

Another idea - if you previously had to make changes to .htaccess you will need to check it is right now - e.g. change the base to the new location.

Third idea - dissable SEO and clear the cache to see if it is just related to SEO to narrow down the problem.

Good luck.

Thank you applied.

I get the same results with SEO disabled:

Visiting links from the secure cart all resolve to the root of the store - home page. When I hover over the links (or view the source) I can see they all have https in them. I don't know if this is normal.

I never had this problem with v2 - but I moved to a new server too with the upgrade to v3.

I'm baffled as to what to do to fix the problem.

Just a hunch but you may want to look at your htaccess file. You ISP may be able to help with that.

It is normal for all the links on the secure server to have https: as they are then redirected to the correct page on the non-secure site if it is a non-secure page.

See if anything is strange with the https: URL (like additional slashes or missing slashes) when you hover over the links they should show the correct page using the https: host / path. This way you can determine if the links are correct and the re-direction is wrong or the links themselves are wrong.

Also, double check your settings in config.local.php. Check the slashes are in the correct place as per the example in the file - when you did the install you may have assumed the path to be, for instance, “store/cart/” instead of the correct “/store/cart” - I know when I install I have to check the format as it doesn't suggest the format to use during installation. When there is no path you may have put a slash in the path (but the path should be empty '' for it to work).

If it's a new server and it is the redirection which is not working, I have another possibility - in fn.control.php in the “core” directory of your installation replace:

fn_redirect(('http://' . Registry::get('config.http_host')) . (!empty($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : Registry::get('config.http_path') . '/' . Registry::get('config.current_url')));


fn_redirect(('http://' . Registry::get('config.http_host')) . (!empty($_SERVER['REDIRECT_URI']) ? $_SERVER['REDIRECT_URI'] : Registry::get('config.http_path') . '/' . Registry::get('config.current_url')));

Keep the original file safe and put it back if it doesn't work.

You should raise a support ticket if none of this helps as I can confirm that all the links should redirect to the correct page on the non-secure site and you don't have to run the site on https after the first view of the cart.

Good luck - let me know how you get on.


Thank you so much for taking the time to help me with this.

The URLs were formatted properly. The config.local.php file didn't have any errors in it. But changing the environment variable in the core/fn.control.php fixed the problem!

I noticed last night that links to “pages” (like Privacy Policy or Return Policy pages), which are not SEO named redirected to the non-secure http without error. Only products and categories redirected to the homepage. But I got the same results with or without SEO names enabled.

I vaguely understand WHY changing from REDIRECT_URL to REDIRECT_URI fixed this problem, but I never would have found this on my own.

I can't thank you enough.