Akopia Akopia Services

[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: [mv] session being dropped in cookie less checkout



******    message to minivend-users from Randy Moore <ramoore@axion-it.net>     ******

At 5/28/00 03:22 PM , you wrote:
>******    message to minivend-users from Mark Stosberg 
><mark@summersault.com>     ******
>
>Gideon van Gelder wrote:
> >
> > Did you try the WideOpen directive in catalog.cfg?
> > If you never heard of this, go check out the faq at
> > minivend.com about dropping the basket when going to
> > secure checkout. There have also been major threads
> > about this subject in the past, that may be able
> > to help.
> >
> > BTW, change minivend.cfg to read:
> >
> > Domaintail no
> > IpHead yes
> > IpQuad 0
> >
> > and set this in catalog.cfg:
> >
> > WideOpen yes
> > SessionExpire 15 minutes
> >
>
>Gideon,
>
>   Thanks for the suggestion. I implemented just as you suggest (with MV
>4.04) and still  lose the cookie in the same place.


Hi Mark,

I've found that by:
1) using the 'CookieDomain' directive in 'catalog.cfg'
AND
2) making sure that EVERY <form> on all my MV pages contains:
<INPUT TYPE=hidden NAME="mv_session_id" VALUE="[data session id]">

I can avoid losing the session (shopping cart) with or without 
Cookies.  And, this way there is no need to use the security reducing 
directives like: WideOpen, IpHead, and DomainTail

Obviously the key for the non-cookie scenario is #2.

FYI, here is how I'm using the 'CookieDomain' directive:
CookieDomain    .medoptionslegal.com .medifocuslegal.com
                           ^^ non-ssl domain^^     ^^ ssl domain ^^

If anyone knows of situations where these two methods together don't solve 
the problem, please let me know.  I think this is a general solution, but I 
could easily be wrong.


Randy Moore
Axion Information Technologies, Inc.

email     ramoore@axion-it.net
phone   301-408-1200
fax        301-445-3947
-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list


Search for: Match: Format: Sort by: