[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: [mv] session being dropped in cookie less checkout

To: minivend-users@minivend.com
Subject: Re: [mv] session being dropped in cookie less checkout
From: Mark Stosberg <mark@summersault.com>
Date: Sun, 28 May 2000 16:41:17 -0500
Organization: Summersault
References: <392C4BF4.A9B91629@summersault.com> <20000526154449.A2522@pegasus.freibergnet.de> <392F47CA.97E2C1B1@summersault.com> <003901bfc7be$99772820$78cf86c2@gideon> <4.2.0.58.20000528164212.00aa6690@staq1.atlantech.net>
Reply-To: minivend-users@minivend.com
Sender: owner-minivend-users@minivend.com

******    message to minivend-users from Mark Stosberg <mark@summersault.com>     ******

Randy Moore wrote:
> 
> 
> Hi Mark,
> 
> I've found that by:
> 1) using the 'CookieDomain' directive in 'catalog.cfg'
> AND
> 2) making sure that EVERY <form> on all my MV pages contains:
> <INPUT TYPE=hidden NAME="mv_session_id" VALUE="[data session id]">
> 
> I can avoid losing the session (shopping cart) with or without
> Cookies.  And, this way there is no need to use the security reducing
> directives like: WideOpen, IpHead, and DomainTail
> 
> Obviously the key for the non-cookie scenario is #2.
> 
> FYI, here is how I'm using the 'CookieDomain' directive:
> CookieDomain    .medoptionslegal.com .medifocuslegal.com
>                            ^^ non-ssl domain^^     ^^ ssl domain ^^
> 
> If anyone knows of situations where these two methods together don't solve
> the problem, please let me know.  I think this is a general solution, but I
> could easily be wrong.
> 

Thanks Randy,

  I implemented option number 1 at your suggestion. This didn't change
anything for the non-cookie users, but since it seems to deal just with
cookies, that sort of made sense.
 Option 2 was already implemented on the relevent pages. (and I just
double checked it) . This sort of solution seems like it _should_ work--
it's the sort of thing I do when I'm programming CGI without Minivend. 
  It appears in between "checkout.html" "final.html" minivend is
creating a new session id, presumably because it can't find the old one,
or doesn't think it's safe to use. 

   -mark

  <<-------------------------------------------------------------->>
personal website                <    Summersault Website Design
   http://mark.stosberg.com/     >       http://www.summersault.com/
-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list

References:
- [mv] session being dropped in cookie less checkout
  - From: Mark Stosberg <mark@summersault.com>
- Re: [mv] session being dropped in cookie less checkout
  - From: Holm Tiffe <holm@freibergnet.de>
- Re: [mv] session being dropped in cookie less checkout
  - From: Mark Stosberg <mark@summersault.com>
- Re: [mv] session being dropped in cookie less checkout
  - From: "Gideon van Gelder" <gideon@swingmaster.nl>
- Re: [mv] session being dropped in cookie less checkout
  - From: Randy Moore <ramoore@axion-it.net>

Prev by Date: Re: [mv] minimate localization problem
Next by Date: [mv] yikes-- my error checking quit working (mv 4.04)
Prev by thread: Re: [mv] session being dropped in cookie less checkout
Next by thread: Re: [mv] session being dropped in cookie less checkout
Index(es):
- Date
- Thread