[ic] Detecting a secure page
Kevin Walsh
kevin at cursor.biz
Fri Jun 16 14:36:25 EDT 2006
Grant <emailgrant at gmail.com> wrote:
> I tested the new patch and I'm very happy to report it is working
> great. It does not seem to cause any problems with my store, the
> extra ENV variables are being set, and HTTPS detection is working
> great. I still can't use [if session shost] but the other methods of
> detection are working. Thank you very much for fixing
> Interchange::Link and I suggest the changes are merged with the
> Link.pm in CVS.
>
[if session shost] will only be set if the user has cookies switched
off. The variable probably isn't a lot of use to you anyway; It does
NOT indicate whether the current request was posted via SSL.
I'll get the patch into CVS later, if no problems are reported today.
>
> Racke mentions here:
>
> http://www.icdevgroup.org/pipermail/interchange-users/2002-October/028244.html
>
> that "querying CGI::secure fails sometimes" so he evaluates the HTTPS
> ENV variable directly. I guess I'll go ahead and do that. Any reason
> I shouldn't?
>
$CGI::secure is set from HTTPS. If one is set then the other should be
set as well. I don't know what Racke meant by "sometimes". Perhaps it's
a case of "available on some setups but not on others." It's quite
serious for $CGI::secure to not be set, as it's used in several places
within Interchange. I'd advise you to stick with $CGI::secure and report
any problems. I've never had a problem with it.
--
_/ _/ _/_/_/_/ _/ _/ _/_/_/ _/ _/
_/_/_/ _/_/ _/ _/ _/ _/_/ _/ K e v i n W a l s h
_/ _/ _/ _/ _/ _/ _/ _/_/ kevin at cursor.biz
_/ _/ _/_/_/_/ _/ _/_/_/ _/ _/
More information about the interchange-users
mailing list