[ic] Secure server cart getting dropped.

Dave Turk interchange-users@interchange.redhat.com
Sat Feb 23 14:55:01 2002


My server is cohosted and part of the agreement is to use only 3 IP addresses,
which is only enough for 3 different SSL certificates (which is not enough).
My only alternative is to make the session carry across from the nonsecure
domain to the SSL domain. This should be possible but I'm not sure where to
start.
Thanks
Dave Turk

----- Original Message -----
From: "Ed LaFrance" <edl@newmediaems.com>
To: <interchange-users@interchange.redhat.com>
Sent: Saturday, February 23, 2002 9:49 AM
Subject: Re: [ic] Secure server cart getting dropped.


> At 08:03 AM 2/23/2002 -0700, you wrote:
> >When I go to check out there are no items in the cart. I see that a new
> >cookie is issued for the secure domain and it is as though I have started a
> >new session. There has to be somebody out there running more than one
> >customer's catalog under the same SSL certificate.
> >
> >Our file structure is set up as follows.
> >/var/www/html/        =  site.with.certificate.com
> >var/www/html/customerdomanin.com/  = customerdomain.com
> >/var/www/cgi-bin      aliased to all domains
> >
> >http://www.customerdomain.com/cgi-bin/customerdomain       all is OK here
> >but when we go to check out
> >
> >https://www.site.with.certificate.com/cgi-bin/customerdomain    we get here
> >and the cart is dropped.  I do this with other shopping carts and it works
> >fine.
> >
> >SERVER_SOFTWARE = Apache/1.3.14 (Unix) (Red-Hat/Linux7.0) mod_ssl/2.7.1
> >OpenSSL/0.9.5a PHP/4.0.4pl1 mod_perl/1.24
> >I am using ver 4.8.3 RedHat Interchange
> >
> >
> >I have referred to the information below but have been unable to get it to
> >work.
> >
>
> [DEL] The following is from the SSL FAQ:
>
>
> > >     But by far the best way is to have all orders and shopping cart calls
> > >     go only to the secure domain.  Your users may get a different session
> > >     when browsing the non-secure catalog pages, but it will matter little.
> > >
> > >     To do this on the Foundation demo, place in catalog.cfg:
> > >
> > >             AlwaysSecure  order ord/basket ord/checkout
> > >
> > > A more complete list might be:
> > >
> > > AlwaysSecure <<EOF
> > > account
> > > change_password
> > > customerservice
> > > login
> > > logout
> > > new_account
> > > ord/basket
> > > ord/checkout
> > > order
> > > process
> > > query/check_orders
> > > query/order_detail
> > > query/order_return
> > > returns
> > > saved_carts
> > > ship_addresses
> > > EOF
> > >
> > > (Thanks to John Beima for the above list.)
> > >     Add pages of your own that need to be sure of coherent
> > > session information.
>
> I have set up exactly 1 cart for a client in which the SSL and non-SSL
> domains were different, and after fiddling a bit, I just decided to
> run the whole site under SSL.  If you (or your client) are unable or
> unwilling to pop $100 bucks or so a year for a cert, this is your reward.
> The only other approach that I know of, and I believe some people who are
> (or were) on this list have tried it, is to set up a central, server-wide
> session file repository, in conjunction with the domain-related directives
> in Interchange.cfg, so that a session can be carried across multiple
> domains if needed.  You are probably going to have to fiddle with the
> source code to get this to work.  Also, there is a wealth of material on
> this subject in the archives; go mining.
>
> Any other ideas, anyone?
>
> - Ed L.
>
>
>
> ===============================================================
> New Media E.M.S.               Software Solutions for Business
> 463 Main St., Suite D          eCommerce | Consulting | Hosting
> Placerville, CA  95667         edl@newmediaems.com
> (530) 622-9421                 http://www.newmediaems.com
> (866) 519-4680 Toll-Free       (530) 622-9426 Fax
> ===============================================================
>
> _______________________________________________
> interchange-users mailing list
> interchange-users@interchange.redhat.com
> http://interchange.redhat.com/mailman/listinfo/interchange-users
>
>
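
Added example, not part of the original thread: Python's standard http.cookiejar reproducing the symptom described above, where the session cookie issued by the non-secure host is never sent to the shared SSL host, and showing why keeping all cart pages on the secure host avoids it. The cookie name and value are constructed; the host names are the placeholders used in the thread.

```python
import email
import urllib.request
from http.cookiejar import CookieJar

CATALOG = "http://www.customerdomain.com/cgi-bin/customerdomain"
SECURE = "https://www.site.with.certificate.com/cgi-bin/customerdomain"


class FakeResponse:
    """CookieJar only needs .info() to return the response headers."""

    def __init__(self, set_cookie):
        self._headers = email.message_from_string(f"Set-Cookie: {set_cookie}\n\n")

    def info(self):
        return self._headers


def cookie_sent(set_cookie, origin_url, target_url):
    """Cookie header a browser-like jar sends to target_url after origin_url
    answered with the given Set-Cookie value (None if nothing is sent)."""
    jar = CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie), urllib.request.Request(origin_url))
    request = urllib.request.Request(target_url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


def scenarios():
    sid = "session_id=abc123"  # constructed session cookie
    return {
        # Same host: the cart session follows the shopper.
        "catalog -> catalog": cookie_sent(f"{sid}; Path=/", CATALOG, CATALOG + "/ord/basket"),
        # The thread's symptom: host-only cookie is not sent to the SSL host.
        "catalog -> secure": cookie_sent(f"{sid}; Path=/", CATALOG, SECURE + "/ord/checkout"),
        # A host cannot set a cookie for an unrelated domain; the jar rejects it.
        "catalog sets Domain=secure": cookie_sent(
            f"{sid}; Path=/; Domain=site.with.certificate.com", CATALOG, SECURE + "/ord/checkout"),
        # Basket and checkout both on the secure host (the AlwaysSecure approach).
        "secure -> secure": cookie_sent(
            f"{sid}; Path=/; Secure", SECURE + "/ord/basket", SECURE + "/ord/checkout"),
    }


if __name__ == "__main__":
    for name, header in scenarios().items():
        print(f"{name:28} Cookie: {header}")
```

Because the browser will not carry the cookie across, any cross-domain hand-off has to pass the session identifier some other way, which is why the FAQ steers cart and order pages onto the secure host instead.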