[ic] SSL and dropped baskets

Fri Apr 4 16:52:00 2003

Hallo

It's always been common knowledge that going from 
http://www.yourdomain.com to https://www.someotherdomain.com
will drop the basket on the way. My solution has always been to
tell my customers to spend a few pennies on an SSL cert, and so
I've never looked at any of the fixes.

I've just found that going from http://www.yourdomain.com 
to https://secure.yourdomain.com results in the same loss of 
basket contents. The documented fix for this is to add:
	CookieDomain .yourdomain.com
to catalog.cfg.

Testing this with IC 4.9.6 and Perl 5.6.1 on RHLinux (and also
IC4.9.6 with Perl 5.8.0 on OS/2) it no longer works. Indeed, IC 
now generates a new cookie for every page access. 

A simple fix is to add the following line to lib/Vend/Server.pm
	$domain = $CGI::server_name;
just after:
	sub create_cookie {
	my ($domain,$path) = @_;

This ensures that $domain is only the domain name without
any host prepended to it.

Please note that this has not been extensively tested (nor is 
it particularly elegant) so there is the possibility that it may 
break something else. Any thoughts anyone?

-
Cheers
Lyn St George
+---------------------------------------------------------------------------------
+ http://www.zolotek.net .. eCommerce hosting, consulting
+ http://www.os2docs.org .. some 'How To' stuff ...
+----------------------------------------------------------------------------------