
Re: [mv] Loosing the cart/ssl



******    message to minivend-users from jojo@buchonline.net     ******

On  8 Sep, Mike Heins wrote:
> ******    message to minivend-users from Mike Heins <mikeh@minivend.com>     ******
[DEL]
>> > There is a little bug in bin/minivend! The variable "shost" is not
>> > right and has "Yes" or "No" instead of an IP-Number!
>> > 
>> > Mike, 
>> > 
>> > did you fix that?
>> > 
>> > This is my dirty quick solution!
>> > 
>> > ---------------diff------------
>> > --- minivend.test       Wed Aug  2 14:11:05 2000
>> > +++ minivend    Wed Aug  2 14:11:05 2000
>> > @@ -1326,7 +1327,13 @@

[DEL]
> 
> This is not a complete diff, and there is no version information. It doesn't
> match Interchange.

Sorry! But the complete diff has a lot of lines like

#jojo
::logDebug(......

and they are not important. The problem is the wrong value (Yes or No) in
"shost". Stefan Homburg reported this to you (in August).

 
> I still don't know what anyone is talking about. If you don't use WideOpen and
> don't use cookies, you are going to lose your cart unless your secure server is
> the same as your non-secure.

I've tried with WideOpen and this doesn't help, because shost does not have
an IP number. It has "Yes" or "No" and

-------snip----------
			my $compare_host	= $CGI::secure
								? ($Vend::Session->{shost})
								: ($Vend::Session->{ohost});
-------snip----------

makes no sense if you compare "Yes" (or "No") with any IP number.


 
> I would need some explanation of:
> 
> 	1. Exactly what the patch does.

I've added a line like

				$Vend::Session->{shost} = $CGI::secure;

after the line

		if(! $from_cookie) {

to get an IP number, or to override the value "Yes" or "No" with an IP number.
I've commented out the line

 				new_session();

in the if statement of

----------snipp---------- 
			my $compare_host	= $CGI::secure
								? ($Vend::Session->{shost})
								: ($Vend::Session->{ohost});

			if(! $compare_host) {
				new_session() unless $CGI::secure;
				$Vend::Session->{shost} = $CGI::secure;
			}
			elsif ($compare_host ne $CGI::remote_addr) {
 				new_session();
			}
		}
		if ($now - $Vend::Session->{'time'} > $Vend::Cfg->{SessionExpire}) {

----------snipp---------- 


> 	2. Version this is against.

-------snip----------
server:/home/mvend4/bin[jojo]# minivend -v
MiniVend version 3.14-3 Copyright 1995 Andrew M. Wilcox
                      Copyright 1996-1998 Michael J. Heins
-------snip----------


>	3. A complete diff.

-------snip----------
--- minivend.test	Mon Sep 11 09:25:19 2000
+++ minivend	Mon Sep 11 09:39:56 2000
@@ -664,6 +664,8 @@
 					if (defined $CGI::values{mv_order_route}) {
 						# $ok will not be defined unless Route "supplant" was set
 						# $order_no will come back so we don't issue two of them
+#jojo
+#::logDebug("Routing order");
 						($ok, $order_no) = route_order(
 											$CGI::values{mv_order_route},
 											$Vend::Items
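Review bot: the two lines added after the `# $order_no will come back` comment are a `#jojo` marker and a commented-out `::logDebug` call, which change nothing at runtime and should be dropped from the patch. The same applies to the `#jojo` / `#::logDebug` pairs in the later hunks; a diff containing only the functional changes is much easier to match against a release and to review.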
@@ -691,7 +693,11 @@
 					# backend ordering with AsciiTrack and the order report.
 					# If the "supplant" option was set in order routing it will
 					# not be used ($ok would have been defined)
+#jojo
+#::logDebug("Order number=$order_no\n");
 					$ok = mail_order(undef, $order_no || undef) unless defined $ok;
+#jojo
+#::logDebug("Order number=$order_no\n");
 
 					# Display a receipt if configured
 
@@ -1007,6 +1013,7 @@
 	my $id = shift;
 	mkdir "$Vend::Cfg->{ScratchDir}/retired", 0777
 	unless -d "$Vend::Cfg->{ScratchDir}/retired";
+
 	my $fn = Vend::Util::get_filename($id, 2, 1, "$Vend::Cfg->{ScratchDir}/retired");
 	return -f $fn ? 1 : 0;
 }
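Review bot: the only change here is a blank line added before `my $fn = Vend::Util::get_filename(...)`. Leave whitespace-only hunks out so the patch carries just the session-handling change.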
@@ -1320,7 +1327,13 @@
 		}
 		my $now = time;
 		if(! $from_cookie) {
+				$Vend::Session->{shost} = $CGI::secure;
+#jojo
+#				::logDebug(" !fromcookies id=$sessionid from_cookies=$from_cookie\n");
+
 			if( is_retired($sessionid) ) {
+#jojo
+#				::logDebug(" is_ritered id=$sessionid from_cookies=$from_cookie\n");
 				new_session();
 				last RESOLVEID;
 			}
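Review bot: the added `$Vend::Session->{shost} = $CGI::secure;` directly after `if(! $from_cookie) {` stores the value of `$CGI::secure` in `shost`, yet the next hunk compares `shost` against `$CGI::remote_addr` with `ne`, so the field is expected to hold an address. `$CGI::secure` is used as a truth test in the `$compare_host` ternary, which suggests it is a flag rather than an address; if so, this assignment means the comparison cannot match on a secure request. Consider storing `$CGI::remote_addr` when `$CGI::secure` is true, and only when `shost` is not yet set, since as written the line overwrites `shost` on every non-cookie request, before the `is_retired` check. The line is also indented one tab deeper than the block it sits in.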
@@ -1329,19 +1342,26 @@
 								: ($Vend::Session->{ohost});
 
 			if(! $compare_host) {
-
+#jojo
+#				::logDebug(" !compare_host id=$sessionid shost=$Vend::Session->{shost} ohost=$Vend::Session->{ohost}\n");
 				new_session() unless $CGI::secure;
-
 				$Vend::Session->{shost} = $CGI::secure;
 			}
 			elsif ($compare_host ne $CGI::remote_addr) {
-				new_session();
+#jojo
+#				::logDebug(" compare_host ne CGI id:$sessionid\n");
+# das löscht carts!!!				new_session();
 			}
 		}
 		if ($now - $Vend::Session->{'time'} > $Vend::Cfg->{SessionExpire}) {
+
 			retire_id();
+#jojo
+#				::logDebug(" now time id:$sessionid\n");
 			new_session();
 			last RESOLVEID;
+
+
 		}
 		elsif($Vend::Cfg->{RobotLimit}) {
 			if ($now - $Vend::Session->{'time'} > 30) {
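Review bot: commenting out `new_session();` in the `elsif ($compare_host ne $CGI::remote_addr)` branch leaves that branch empty, so a session id supplied without a cookie is now accepted from any remote address. In the visible code that comparison is the only check tying a URL-carried session id to the client that created it, and with it gone anyone who learns the id gets the cart and the session. Fix the value stored in `shost` so the comparison works for secure requests instead of disabling it; if the check really has to be relaxed, make that depend on a configuration setting rather than removing it for every site. The blank lines added around `retire_id();` and the `#jojo` debug comments should also be dropped.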
@@ -1380,10 +1400,15 @@
 					return;
 			}
 		}
+#jojo
+#				::logDebug(" vor new_sessoin id:$sessionid\n");
 		new_session();
+
     }
 }
 
+#jojo
+#				::logDebug(" nach  new_sessoin id:$sessionid\n");
 #::logDebug("session name='$Vend::SessionName'\n");
 
 	$Vend::Interpolate::Calc_initialized = 0;
-------snip----------



> The best mechanism to handle a separate secure and non-secure server is:
> 
>     AlwaysSecure  order ord/basket ord/checkout

I have this too, and my secure server and non-secure server are the same
server. All on my own one machine.


> In other words, only submit orders and do order-related things against
> the secure server. If you do form-based orders, use [process secure=1]
> as the form action.

I have this too! But without cookies in my browser, I can't carry my
right session id and I

lose my cart if I go to the checkout page

or

lose all the previous items in my cart and see only the last ordered
items.

At the Linuxtag (Linuxday?) in Stuttgart, I asked Stefan for help
and he confirmed to me that MV misbehaves with
SSL+Non-Cookie-Browser+secure page (basket/checkout) and shost.
 

I hope my English is not too wrong.

Joachim

-- 
Hans-Joachim Leidinger
buch online                 jojo@buchonline.net
Munscheidstr. 14            FAX: +49 209 1671449
45886 Gelsenkirchen         FAX: 0209 1671449
