[ic] BUG :- Very severe, but I've got a fix

Murray Gibbins Murray@scotweb.ltd.uk
Fri, 02 Feb 2001 16:15:18 +0000 

RH 7.0
Perl 5.6
Interchange 4.6.1 rpm
Apache , mod_ssl


If you run from a https when first ordering a product with cookies *off* in
Netscape or IE ( not knonquer or omnibrowser) the cart is lost and the session
id lost when hitting "Recalculate" in the basket.

this is a DEBUG lists which shows it....

Start DEBUG at Fri Feb  2 15:26:56 2001

[goto  shop]

main:debug: session='' cookie='' chost=''
main:debug: session name='Rg3RHkkT:193.195.20.134'

[select product range]

main:debug: arg is 
main:debug: session='Rg3RHkkT' cookie='' chost=''
main:debug: session name='Rg3RHkkT:193.195.20.134'

[select products]

main:debug: arg is
main:debug: session='Rg3RHkkT' cookie='' chost=''
main:debug: session name='Rg3RHkkT:193.195.20.134'

[order products and enter https]

main:debug: arg is 
main:debug: session='Rg3RHkkT' cookie='' chost=''
main:debug: session name='Rg3RHkkT:193.195.20.134'

[ now in basket still in https still with no cookies, hit recalculate]

main:debug: arg is 

main:debug: session='Rg3RHkkT' cookie='' chost=''
main:debug: session name='rvme5mXZ:193.195.20.134'

main:debug: arg is 

----------------------------------------

The problem is in the interchange perl

../bin/interchange

snip-------

			if(! $compare_host) {			    
				new_session() unless $CGI::secure;
				$Vend::Session->{shost} = $CGI::secure;
			}
			elsif ($compare_host ne $CGI::remote_addr) {
			    ::logDebug ('$compare_host ne $CGI::remote_addr '.$CGI::remote_addr);
				new_session() ;
			}

---------------

should be
---------------
			if(! $compare_host) {
			    #::logDebug ("not compare host");
				new_session() unless $CGI::secure;
				$Vend::Session->{shost} = $CGI::secure;
			}
			elsif ($compare_host ne $CGI::remote_addr) {
			    #::logDebug ('$compare_host ne $CGI::remote_addr '.$CGI::remote_addr);
				new_session() unless ($CGI::secure && $Vend::Session->{shost});
			}
----------------


Yours
Murray

-- 
  ____
  \__/    Murray Gibbins             murray@scotweb.ltd.uk
  /  \    Programmer
_ \__/ _  ================================================
\\ || //  Scotweb Limited,             info@scotweb.ltd.uk
 \\||//   13a Albert Terrace,    http://www.scotweb.ltd.uk
  \||/    Edinburgh EH10 5EA   Tel: +44 (0)  131 270 82 33
   ||     Scotland. Europe.    Fax: +44 (0) 7020  93 49 04