[ic] SSL and dropped baskets

Mike Heins interchange-users@icdevgroup.org
Mon Apr 7 10:16:01 2003 

Quoting Lyn St George (lyn@zolotek.net):
> Hallo
> 
> It's always been common knowledge that going from 
> http://www.yourdomain.com to https://www.someotherdomain.com
> will drop the basket on the way. My solution has always been to
> tell my customers to spend a few pennies on an SSL cert, and so
> I've never looked at any of the fixes.
> 
> I've just found that going from http://www.yourdomain.com 
> to https://secure.yourdomain.com results in the same loss of 
> basket contents. The documented fix for this is to add:
> 	CookieDomain .yourdomain.com
> to catalog.cfg.

It absolutely should not unless the path is different and Mall
is set to "Yes" in interchange.cfg.

> 
> Testing this with IC 4.9.6 and Perl 5.6.1 on RHLinux (and also
> IC4.9.6 with Perl 5.8.0 on OS/2) it no longer works. Indeed, IC 
> now generates a new cookie for every page access. 
> 
> A simple fix is to add the following line to lib/Vend/Server.pm
> 	$domain = $CGI::server_name;
> just after:
> 	sub create_cookie {
> 	my ($domain,$path) = @_;
> 
> This ensures that $domain is only the domain name without
> any host prepended to it.
> 
> Please note that this has not been extensively tested (nor is 
> it particularly elegant) so there is the possibility that it may 
> break something else. Any thoughts anyone?
> 

It will break on upgrade, obviously.

Probably you are running into a "Mall Yes" setting in interchange.cfg.

But thinking about this a bit, I don't think we need to honor "Mall"
if CookieDomain is set. There is no need to set paths if you want
the cookie to go to a specific domain. 

So I have made this patch to the latest CVS:

--- old/lib/Vend/Server.pm	Sat Mar 29 15:31:46 2003
+++ new/lib/Vend/Server.pm	Mon Apr  7 10:06:46 2003
@@ -535,13 +535,13 @@
 
 		my @domains;
 		@domains = ('');
+		my @paths;
+		@paths = ('/');
+
 		if ($Vend::Cfg->{CookieDomain}) {
 			@domains = split /\s+/, $Vend::Cfg->{CookieDomain};
 		}
-
-		my @paths;
-		@paths = ('/');
-		if($Global::Mall) {
+		elsif($Global::Mall) {
 			my $ref = $Global::Catalog{$Vend::Cat};
 			@paths = ($ref->{script});
 			push (@paths, @{$ref->{alias}}) if defined $ref->{alias};

I think that should solve any problems in this regartd. It would be nice
if you report back about it, but I am fairly confident.

-- 
Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.513.523.7621      <mike@perusion.com>

Any man who is under 30, and is not liberal, has not heart; and any man
who is over 30, and is not a conservative, has not brains.
 -- Winston Churchill