EDIT: I apologize, for I think I put this in an inappropriate forum.

Hello,

I have recently noticed that once a customer on my web store gets far enough into the order process to be in SSL mode, the pages can take a considerable amount of time to respond. I have deduced that the response time is dependent on the number of items in the shopping cart.

1 cart item and the pages load immediately, 5 items and it takes a few seconds. I tried it with 30 cart items and it took about a minute!

The only possible idea I have come up with is that encrypting the session takes a surprising amount of overhead and this is building up, but I can't see that I'm storing enough information for such a huge slowdown. I don't completely understand SSL or sessions with SSL, maybe someone could shed some light on how my session size would affect the speed of SSL connections.

When does SSL start working? I would assume that it would only encrypt data actually transfered, so the complexity of an ASP script wouldn't affect the response time any differently than if it was non-encrypted communication.

Any help or ideas would be much appreciated, thank you!

I really don't think it's the SSL that's getting you. It's probably either the server side processing for the cart items or an inordinate amount of page markup for each item.

Thanks for the reply.

I actually tried it out on my local computer using a certificate I created on the localhost and it worked fine. So it doesn't appear to be the scripts and it doesn't appear to be SSL itself.

I've had one idea since. When I test on my local computer I use an Access database. My shopping cart software came with it. We used to use it on the real site but switched to SQL server for obvious reasons, however, connecting remotely to the server is way too slow so I still connect to the Access DB for local testing.

I don't know much about the internal workings of SSL. The thought occured to me that perhaps when using SSL the connections between my scripts and SQL server will be encrypted also. This would mean significant overhead. (perhaps even, some inefficiencies with my script that aren't noticeable have become noticeable with this overhead). It would also explain why I don't have a problem in my local environment.

Could this be a possible reason?

You were right, a script issue. A very poorly done part of the script where it was seeking through the entire product list to find each product's record. Repeat for every product in the cart. My god! From a time when I just didn't know any better I guess. Problem solved.

Just for curiosity sake:
When using SSL, is data sent internally between my scripts and my SQL server encrypted as well?
I assume that the reason this works fine on my local copy with an Access DB and not in my real environment is that a MoveNext command with SQL server would require data transfer and therefore a lot of extra overhead each time you called it. If this data transfer is encrypted this would exacerbate this issue further as well.

Only the browser/server conversation is encrypted.