[ic] SSL and dropped baskets

Lyn St George interchange-users@icdevgroup.org
Mon Apr 7 16:01:01 2003


On Mon, 7 Apr 2003 10:14:36 -0400, Mike Heins wrote:

>Quoting Lyn St George (lyn@zolotek.net):
>> Hallo
>> I've just found that going from http://www.yourdomain.com 
>> to https://secure.yourdomain.com results in the same loss of 
>> basket contents. The documented fix for this is to add:
>> 	CookieDomain .yourdomain.com
>> to catalog.cfg.
>
>It absolutely should not unless the path is different and Mall
>is set to "Yes" in interchange.cfg.

Checking this shows that 'Mall Yes' was the main culprit. It also 
seems to be browser dependant: on Mozilla 1.3 and Opera 5
this works properly as you say it should; but on Netscrape4.61 
it will not work. (though none of this showed in the archives
for me )
 
>> Testing this with IC 4.9.6 and Perl 5.6.1 on RHLinux (and also
>> IC4.9.6 with Perl 5.8.0 on OS/2) it no longer works. Indeed, IC 
>> now generates a new cookie for every page access. 
>> 
>> A simple fix is to add the following line to lib/Vend/Server.pm
>> 	$domain = $CGI::server_name;
>> just after:
>> 	sub create_cookie {
>> 	my ($domain,$path) = @_;
>> 
>> This ensures that $domain is only the domain name without
>> any host prepended to it.
>> 
>> Please note that this has not been extensively tested (nor is 
>> it particularly elegant) so there is the possibility that it may 
>> break something else. Any thoughts anyone?
>> 
>
>It will break on upgrade, obviously.
>
>Probably you are running into a "Mall Yes" setting in interchange.cfg.
>
>But thinking about this a bit, I don't think we need to honor "Mall"
>if CookieDomain is set. There is no need to set paths if you want
>the cookie to go to a specific domain. 
>
>So I have made this patch to the latest CVS:
>
>--- old/lib/Vend/Server.pm	Sat Mar 29 15:31:46 2003
>+++ new/lib/Vend/Server.pm	Mon Apr  7 10:06:46 2003
>@@ -535,13 +535,13 @@
> 
> 		my @domains;
> 		@domains = ('');
>+		my @paths;
>+		@paths = ('/');
>+
> 		if ($Vend::Cfg->{CookieDomain}) {
> 			@domains = split /\s+/, $Vend::Cfg->{CookieDomain};
> 		}
>-
>-		my @paths;
>-		@paths = ('/');
>-		if($Global::Mall) {
>+		elsif($Global::Mall) {
> 			my $ref = $Global::Catalog{$Vend::Cat};
> 			@paths = ($ref->{script});
> 			push (@paths, @{$ref->{alias}}) if defined $ref->{alias};
>
>I think that should solve any problems in this regartd. It would be nice
>if you report back about it, but I am fairly confident.

Yes it works - setting both CookieDomain and 'Mall Yes' but using this
patch it works just the same as without the patch and without 'Mall Yes' 
as noted above. Thanks:/

>-- 
>Mike Heins
>Perusion -- Expert Interchange Consulting    http://www.perusion.com/
>phone +1.513.523.7621      <mike@perusion.com>
>
>Any man who is under 30, and is not liberal, has not heart; and any man
>who is over 30, and is not a conservative, has not brains.
> -- Winston Churchill
>_______________________________________________
>interchange-users mailing list
>interchange-users@icdevgroup.org
>http://www.icdevgroup.org/mailman/listinfo/interchange-users
>

-
Cheers
Lyn St George
+---------------------------------------------------------------------------------
+ http://www.zolotek.net .. eCommerce hosting, consulting
+ http://www.os2docs.org .. some 'How To' stuff ...
+----------------------------------------------------------------------------------