Akopia Akopia Services

[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: [mv] session being dropped in cookie less checkout



******    message to minivend-users from Mark Stosberg <mark@summersault.com>     ******

Randy Moore wrote:
> 
> 
> Hi Mark,
> 
> I've found that by:
> 1) using the 'CookieDomain' directive in 'catalog.cfg'
> AND
> 2) making sure that EVERY <form> on all my MV pages contains:
> <INPUT TYPE=hidden NAME="mv_session_id" VALUE="[data session id]">
> 
> I can avoid losing the session (shopping cart) with or without
> Cookies.  And, this way there is no need to use the security reducing
> directives like: WideOpen, IpHead, and DomainTail
> 
> Obviously the key for the non-cookie scenario is #2.
> 
> FYI, here is how I'm using the 'CookieDomain' directive:
> CookieDomain    .medoptionslegal.com .medifocuslegal.com
>                            ^^ non-ssl domain^^     ^^ ssl domain ^^
> 
> If anyone knows of situations where these two methods together don't solve
> the problem, please let me know.  I think this is a general solution, but I
> could easily be wrong.
> 

Thanks Randy,

  I implemented option number 1 at your suggestion. This didn't change
anything for the non-cookie users, but since it seems to deal just with
cookies, that sort of made sense.
 Option 2 was already implemented on the relevent pages. (and I just
double checked it) . This sort of solution seems like it _should_ work--
it's the sort of thing I do when I'm programming CGI without Minivend. 
  It appears in between "checkout.html" "final.html" minivend is
creating a new session id, presumably because it can't find the old one,
or doesn't think it's safe to use. 
  
   -mark

  <<-------------------------------------------------------------->>
personal website                <    Summersault Website Design
   http://mark.stosberg.com/     >       http://www.summersault.com/
-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list


Search for: Match: Format: Sort by: