[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Checkout only secure when called as ord/checkout, not with 'process'
Hi all:
Sorry in advance for the long post. I have scrutinized the archives but
haven't found a solution that works.
I'm running MV 3.08, Apache and Stronghold. I have two problems with
securing the checkout process:
- First, from my basket page the checkout page is only served securely when
called with a reference that explicitly indicates the 'checkout' page by
name in the URL, as in
[if items][page ord/checkout]<IMG SRC="check.gif">[/page][/if]
The resulting URL in the browser (IE or Nav) is
https://www.entitysoftware.com/es00.cgi/ord/checkout?7b2XexSS;;235
which is secure. But I don't get a secure checkout page when called by a
"Checkout" pushbutton, as in:
<input type="submit" name="mv_todo" value="Check Out">
which displays
http://www.entitysoftware.com/es00.cgi/process?7b2XexSS;;242
My Catalog.cfg contains:
Variable SERVER_NAME www.entitysoftware.com
VendURL http://__SERVER_NAME____CGI_URL__
SecureURL https://__SERVER_NAME____CGI_URL__
AlwaysSecure ord/checkout special/needfield
Credit card info is entered on the checkout page. I don't have a separate
enter_cc page.
Basket.html contains:
<FORM ACTION="[process-target secure=1]" METHOD=POST>
<INPUT TYPE=hidden NAME="mv_session_id" VALUE="[data session
id]">
<INPUT TYPE=hidden NAME="mv_doit" VALUE=refresh>
<INPUT TYPE=hidden NAME="mv_orderpage" VALUE="ord/basket">
<INPUT TYPE=hidden NAME="mv_checkout" VALUE="ord/checkout">
<INPUT TYPE=hidden NAME="mv_nextpage" VALUE=catalog>
<INPUT TYPE=submit NAME="mv_submit" VALUE="Recalculate"
onclick="document.forms[0].action='[process-target]'">
<input type="submit" name="mv_todo" value="Check Out">
<INPUT TYPE=submit NAME="mv_click" VALUE="Stop Shopping"
onclick="document.forms[0].action='[process-target]'">
</FORM>
And Checkout.html contains:
<FORM ACTION="[process-target secure=1]" METHOD=POST>
<INPUT TYPE=hidden NAME="mv_session_id" VALUE="[data session
id]">
<INPUT TYPE=hidden NAME="mv_orderpage" VALUE="ord/checkout">
<INPUT TYPE=hidden NAME="mv_order_report" VALUE="ord/report">
<INPUT TYPE=hidden NAME="mv_failpage" VALUE="special/needfield">
<INPUT TYPE=hidden NAME="mv_order_profile"
VALUE="checkout_profile">
<INPUT TYPE=submit NAME=Submit VALUE="Recalculate">
<INPUT TYPE=submit NAME="mv_todo" VALUE="Place Order!">
</FORM>
It seems that whenever a page is called with 'process' in the resulting URL
then it is not called securely. Is this a problem in my code or a
configuration problem in catalog.cfg or in the way we set up Stronghold?
Secondly, when the 'Recalculate" pushbutton is pressed on the checkout page
the page is refreshed returning an unsecure checkout page, even if the page
was secure to start with. I am assuming this is because the resulting URL
has changed from
https://www.urbansound.com/usx00.cgi/ord/checkout?7b2XexSS;;319
to
http://www.urbansound.com/usx00.cgi/process?7b2XexSS;;368
I would appreciate any help with this. I seem to be doing it right, but am
not quite clear as to the difference betwen the two URLs and how to secure
the checkout page (or any other that I require to be secure) when referenced
as a 'process'.
Cheers,
Gerard
------------------------------
Gerard Olszowiec
Entity Software
gerard@entitysoftware.com
www.entitysoftware.com
BEGIN:VCARD
VERSION:2.1
N:Olszowiec;Gerard
FN:Gerard Olszowiec
URL:
URL:http://www.entitysoftware.com
EMAIL;PREF;INTERNET:gerard@entitysoftware.com
REV:19981231T165701Z
END:VCARD
