[ic] SSL and dropped baskets
Lyn St George
interchange-users@icdevgroup.org
Fri Apr 4 16:52:00 2003
Hallo
It's always been common knowledge that going from
http://www.yourdomain.com to https://www.someotherdomain.com
will drop the basket on the way. My solution has always been to
tell my customers to spend a few pennies on an SSL cert, and so
I've never looked at any of the fixes.
I've just found that going from http://www.yourdomain.com
to https://secure.yourdomain.com results in the same loss of
basket contents. The documented fix for this is to add:
CookieDomain .yourdomain.com
to catalog.cfg.
Testing this with IC 4.9.6 and Perl 5.6.1 on RHLinux (and also
IC4.9.6 with Perl 5.8.0 on OS/2) it no longer works. Indeed, IC
now generates a new cookie for every page access.
A simple fix is to add the following line to lib/Vend/Server.pm
$domain = $CGI::server_name;
just after:
sub create_cookie {
my ($domain,$path) = @_;
This ensures that $domain is only the domain name without
any host prepended to it.
Please note that this has not been extensively tested (nor is
it particularly elegant) so there is the possibility that it may
break something else. Any thoughts anyone?
-
Cheers
Lyn St George
+---------------------------------------------------------------------------------
+ http://www.zolotek.net .. eCommerce hosting, consulting
+ http://www.os2docs.org .. some 'How To' stuff ...
+----------------------------------------------------------------------------------