Re: [mv] session being dropped in cookie less checkout
****** message to minivend-users from Mark Stosberg <mark@summersault.com> ******
Randy Moore wrote:
>
>
> Hi Mark,
>
> I've found that by:
> 1) using the 'CookieDomain' directive in 'catalog.cfg'
> AND
> 2) making sure that EVERY <form> on all my MV pages contains:
> <INPUT TYPE=hidden NAME="mv_session_id" VALUE="[data session id]">
>
> I can avoid losing the session (shopping cart) with or without
> Cookies. And, this way there is no need to use the security reducing
> directives like: WideOpen, IpHead, and DomainTail
>
> Obviously the key for the non-cookie scenario is #2.
>
> FYI, here is how I'm using the 'CookieDomain' directive:
> CookieDomain .medoptionslegal.com  .medifocuslegal.com
>              ^^ non-ssl domain ^^  ^^ ssl domain ^^
>
> If anyone knows of situations where these two methods together don't solve
> the problem, please let me know. I think this is a general solution, but I
> could easily be wrong.
>
Thanks Randy,
I implemented option number 1 at your suggestion. This didn't change
anything for the non-cookie users, but since it seems to deal just with
cookies, that sort of made sense.
Option 2 was already implemented on the relevant pages (and I just
double checked it). This sort of solution seems like it _should_ work--
it's the sort of thing I do when I'm programming CGI without Minivend.
It appears that in between "checkout.html" and "final.html" Minivend is
creating a new session id, presumably because it can't find the old one,
or doesn't think it's safe to use.
-mark
<<-------------------------------------------------------------->>
personal website < Summersault Website Design
http://mark.stosberg.com/ > http://www.summersault.com/
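
A way to check point 2 of the quoted advice across a site's pages, as an added example that is not part of the original thread: a Python script (standard library only) that lists every `<form>` lacking a non-empty hidden `mv_session_id` input. The sample page and its action paths are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page: the first form carries the hidden session field
# exactly as quoted in the thread, the second form omits it.
SAMPLE_PAGE = """<html><body>
<form action="/cgi-bin/shop/process" method="post">
<INPUT TYPE=hidden NAME="mv_session_id" VALUE="[data session id]">
<input type="text" name="email">
</form>
<form action="/cgi-bin/shop/search" method="get">
<input type="text" name="keywords">
</form>
</body></html>"""


class FormSessionAudit(HTMLParser):
    """Record, for each <form>, whether it contains a hidden mv_session_id input."""

    def __init__(self):
        super().__init__()
        self.forms = []    # one dict per form, in document order
        self._open = None  # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        a = {name: (value or "") for name, value in attrs}
        if tag == "form":
            self._open = {"line": self.getpos()[0],
                          "action": a.get("action", ""),
                          "has_session": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if a.get("type", "").lower() == "hidden" and a.get("name") == "mv_session_id":
                # A field with an empty value would submit no session id at all.
                self._open["has_session"] |= bool(a.get("value", "").strip())

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def forms_missing_session(html):
    """Return (line, action) for every form without a usable mv_session_id field."""
    parser = FormSessionAudit()
    parser.feed(html)
    parser.close()
    return [(f["line"], f["action"]) for f in parser.forms if not f["has_session"]]


if __name__ == "__main__":
    for line, action in forms_missing_session(SAMPLE_PAGE):
        print(f"line {line}: form action={action!r} has no mv_session_id field")
```
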