[ic] CookieName directive fails

Bruno Cantieni bruno at digi-land.com
Fri Jul 22 09:20:27 EDT 2005

I'm having trouble getting CookieName to work on a "merchant network"
consisting of about 40 catalogs.
We use IC 5.2.
We are trying to use CookieName in order to avoid "cross merchant shoppers"
from getting dropped cart contents when they shop at one merchant and then
go on to shop at another merchant (cookie is the same standard
Testing on a single catalog, the directive worked OK.
Applying the directive to all catalogs and restarting IC resulted in total
What appears to happen is that the cookie would generate on the first
merchant you hit (e.g. merchant1.secure_server_name.com ::
MV_1001_SESSION_ID :: 5v8YXA8Z).
Hit another merchant (e.g. merchant2.secure_server_name.com) and it would
not generate a new cookie resulting in:
A) the "You must have cookies set .. " message
B) some bizarre and strictly numeric session id for
merchant2.secure_server_name.com (e.g. 81234)
C) screwed up cart and session info
In fact, one user reported getting someone elses billing and shipping
address info pre-populated in the checkout routines!

All catalogs use the same secure server via an alias for checkout routines.
merchant1.secure_server_name.com => secure.secure_server_name.com
merchant2.secure_server_name.com => secure.secure_server_name.com
All merchant catalog names are numeric (1001, 1002 .. 1040)
All catalogs use a single set of pages, templates etc. via symlinks to an
"admin catalog" (e.g. /var/lib/interchange/1020/pages ->
Most of the dynamic tables (products, transactions, orderline and so on) are
global via symlinks (records are identified with the merchant_id).
This setup has been working fine for years now.

Here is a typical pre CookieName directive excerpt from one of the
catalog.cfg files:
Variable    MERCHANT_ID        1001
Cookies Yes
SessionExpire  30 minutes
WideOpen       Yes

With the CookieName directive it would look like:
Variable    MERCHANT_ID        1001
Cookies Yes
SessionExpire  30 minutes
WideOpen       Yes

The cart has the standard:
		my $cname = $Config->{CookieName} || 'MV_SESSION_ID';
		$Scratch->{have_cookie} = $Tag->read_cookie($cname)
			and delete $Scratch->{tried};
	[if scratch have_cookie]
	[elsif scratch tried]
    		[L CART_MSG1]You must have cookies set to leave the basket.
Check out now or forever lose your shopping cart.[/L]
		[set tried]1[/set]
		[bounce href="[area ord/basket]"]

Does anyone have a clue why this is not working?

Bruno Cantieni

More information about the interchange-users mailing list