[ic] SSL and dropped baskets
Mike Heins
interchange-users@icdevgroup.org
Mon Apr 7 10:16:01 2003
Quoting Lyn St George (lyn@zolotek.net):
> Hallo
>
> It's always been common knowledge that going from
> http://www.yourdomain.com to https://www.someotherdomain.com
> will drop the basket on the way. My solution has always been to
> tell my customers to spend a few pennies on an SSL cert, and so
> I've never looked at any of the fixes.
>
> I've just found that going from http://www.yourdomain.com
> to https://secure.yourdomain.com results in the same loss of
> basket contents. The documented fix for this is to add:
> CookieDomain .yourdomain.com
> to catalog.cfg.
It absolutely should not unless the path is different and Mall
is set to "Yes" in interchange.cfg.
>
> Testing this with IC 4.9.6 and Perl 5.6.1 on RHLinux (and also
> IC4.9.6 with Perl 5.8.0 on OS/2) it no longer works. Indeed, IC
> now generates a new cookie for every page access.
>
> A simple fix is to add the following line to lib/Vend/Server.pm
> $domain = $CGI::server_name;
> just after:
> sub create_cookie {
> my ($domain,$path) = @_;
>
> This ensures that $domain is only the domain name without
> any host prepended to it.
>
> Please note that this has not been extensively tested (nor is
> it particularly elegant) so there is the possibility that it may
> break something else. Any thoughts anyone?
>
It will break on upgrade, obviously.
Probably you are running into a "Mall Yes" setting in interchange.cfg.
But thinking about this a bit, I don't think we need to honor "Mall"
if CookieDomain is set. There is no need to set paths if you want
the cookie to go to a specific domain.
So I have made this patch to the latest CVS:
--- old/lib/Vend/Server.pm Sat Mar 29 15:31:46 2003
+++ new/lib/Vend/Server.pm Mon Apr 7 10:06:46 2003
@@ -535,13 +535,13 @@
my @domains;
@domains = ('');
+ my @paths;
+ @paths = ('/');
+
if ($Vend::Cfg->{CookieDomain}) {
@domains = split /\s+/, $Vend::Cfg->{CookieDomain};
}
-
- my @paths;
- @paths = ('/');
- if($Global::Mall) {
+ elsif($Global::Mall) {
my $ref = $Global::Catalog{$Vend::Cat};
@paths = ($ref->{script});
push (@paths, @{$ref->{alias}}) if defined $ref->{alias};
I think that should solve any problems in this regartd. It would be nice
if you report back about it, but I am fairly confident.
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.513.523.7621 <mike@perusion.com>
Any man who is under 30, and is not liberal, has not heart; and any man
who is over 30, and is not a conservative, has not brains.
-- Winston Churchill