[ic] - issue with mv_successpage / mv_nextpage after applying security page

Sanjeev Topiwala s_tops at hotmail.com
Thu Apr 1 01:23:15 EST 2004


I applied 5.0.1 security page. My checkout page is a logged-in user page. So 
when someone clicks on checkout, the login page is thrown.

The login page is from foundation, which has the following hidden parameters

    <INPUT TYPE=hidden NAME=mv_todo  VALUE=return>
    <INPUT TYPE=hidden NAME=mv_click VALUE=Login>
    <INPUT TYPE=hidden NAME=mv_failpage VALUE="login">
	<INPUT TYPE=hidden NAME=mv_successpage VALUE="ord/checkout">
    <INPUT TYPE=hidden NAME=mv_nextpage VALUE="index">
    <input type=hidden name=mv_session_id value="akM9rYFa">

This works fine, as i log in, I'm redirected to the checkout page.

Now, I tried testing the security fix by typing


This throws me the violation page and asks me to log in. As soon as I log 
in, it throws me to the index page.

Now, after this, using this browser, if I try to do the process of checkout 
again by following these steps

1. Log out
2. add item to basket
3. click on checkout

the login page is thrown again with mv_successpage set to ord/checkout, but 
after the successful login for any user, it redirects me back to index page.

Is this intended functionality ? Or is this is a regression issue introduced 
due to the security fix ?

- Sanjeev

MSN Toolbar provides one-click access to Hotmail from any Web page – FREE 
download! http://toolbar.msn.com/go/onm00200413ave/direct/01/

More information about the interchange-users mailing list