[ic] Old bug in interchange

Joachim Leidinger interchange-users@interchange.redhat.com
Thu Feb 28 09:58:01 2002 

Hi List,

I've the same old problem with the secure page and Browser without
cookies.
I'm talking about the part codes of interchange Version 4.8.3

-------------- snip ------------
my $compare_host	= $CGI::secure
			? ($Vend::Session->{shost})
			: ($Vend::Session->{ohost});

#jojo
::logDebug("1 compare_host=$compare_host cgisecure= $CGI::secure
id=$sessionid shost=$Vend::Session->{shost}
ohost=$Vend::Session->{ohost} remoteadd=$CGI::remote_addr\n");
			if(! $compare_host) {
				new_session($seed) unless $CGI::secure;
				init_session();
				$Vend::Session->{shost} = $CGI::remote_addr;
#jojo
::logDebug("2 compare_host=$compare_host cgisecure= $CGI::secure
id=$sessionid shost=$Vend::Session->{shost}
ohost=$Vend::Session->{ohost} remoteadd=$CGI::remote_addr\n");
			}
			elsif ($compare_host ne $CGI::remote_addr) {
				new_session($seed);
				init_session();
#jojo
::logDebug("3 compare_host=$compare_host cgisecure= $CGI::secure
id=$sessionid shost=$Vend::Session->{shost}
ohost=$Vend::Session->{ohost} remoteadd=$CGI::remote_addr\n");
			}
		}
#jojo
::logDebug("4  cgisecure= $CGI::secure id=$sessionid
shost=$Vend::Session->{shost} ohost=$Vend::Session->{ohost}
remoteadd=$CGI::remote_addr\n");
.....
-------------- snip ------------

$compare_host is empty or set with the remote_add. 

-------------- snip ------------
main:debug:  ! im CookieID 
main:debug: 1 compare_host=192.168.3.1 cgisecure=  id=QPXHYnMz shost=
ohost=192.168.3.1 remoteadd=192.168.3.1
main:debug: 4  cgisecure=  id=QPXHYnMz shost= ohost=192.168.3.1
remoteadd=192.168.3.1

main:debug:  ! im CookieID 
main:debug: 1 compare_host=192.168.3.1 cgisecure=  id=QPXHYnMz shost=
ohost=192.168.3.1 remoteadd=192.168.3.1
main:debug: 4  cgisecure=  id=QPXHYnMz shost= ohost=192.168.3.1
remoteadd=192.168.3.1

Successful login by user 'and17'
main:debug:  ! im CookieID 
main:debug: 1 compare_host=192.168.3.1 cgisecure=  id=QPXHYnMz shost=
ohost=192.168.3.1 remoteadd=192.168.3.1
main:debug: 4  cgisecure=  id=QPXHYnMz shost= ohost=192.168.3.1
remoteadd=192.168.3.1

Successful login by user 'and17'
main:debug:  ! im CookieID 
main:debug: 1 compare_host=192.168.3.1 cgisecure=  id=QPXHYnMz shost=
ohost=192.168.3.1 remoteadd=192.168.3.1
main:debug: 4  cgisecure=  id=QPXHYnMz shost= ohost=192.168.3.1
remoteadd=192.168.3.1
-------------- snip ------------

If I call an insecure checkout page, I get the right cart.
If I call secure checkout page, I lost my cart and get a new session id.

-------------- snip ------------
Successful login by user 'and17'
main:debug:  ! im CookieID 
main:debug: 1 compare_host=192.168.3.1 cgisecure=  id=QPXHYnMz shost=
ohost=192.168.3.1 remoteadd=192.168.3.1
main:debug: 4  cgisecure=  id=QPXHYnMz shost= ohost=192.168.3.1
remoteadd=192.168.3.1

main:debug:  ! im CookieID 
main:debug: 1 compare_host= cgisecure= on id=QPXHYnMz shost=
ohost=192.168.3.1 remoteadd=192.168.3.1
Vend::Session:debug: init  ohost=192.168.3.1 shost=
Vend::Session:debug: init session 2 ohost=192.168.3.1 shost=192.168.3.1
main:debug: 2 compare_host= cgisecure= on id=QPXHYnMz shost=192.168.3.1
ohost=192.168.3.1 remoteadd=192.168.3.1
main:debug: 4  cgisecure= on id=QPXHYnMz shost=192.168.3.1
ohost=192.168.3.1 remoteadd=192.168.3.1
Vend::Session:debug: init  ohost=192.168.3.1 shost=
Vend::Session:debug: init session 2 ohost=192.168.3.1 shost=192.168.3.1
Vend::Session:debug: init_session MzpBNn4T:192.168.3.1
-------------- snip ------------

>From the Perl Nutshell, I read

4.5.11.2 Conditional operator

Ternary ?: is the conditional operator. It works much like an
if-then-else statement, but it can safely be embedded within other
operations and functions. 

      test_expr ? if_true_expr : if_false_expr

If the test_expr is true, only the if_true_expr is evaluated. Otherwise,
only the if_false_expr is evaluated. Either way, the value of the
evaluated expression becomes the value of the entire expression.

$compare_host is always empty, if $CGI::secure is "on" and
($Vend::Session->{shost}) is empty at the first time. In this case, the
following codes 

			if(! $compare_host) {
				new_session($seed) unless $CGI::secure;
				init_session();
				$Vend::Session->{shost} = $CGI::remote_addr;
			}
			elsif ($compare_host ne $CGI::remote_addr) {
				new_session($seed);
				init_session();
			}

will not be works right. If I've

                        if ($CGI::secure) { $Vend::Session->{shost} =
$CGI::remote_addr;}
			my $compare_host	= $CGI::secure
								? ($Vend::Session->{shost})
								: ($Vend::Session->{ohost});

It works well! I'm in a muddle. This was reported a long time ago. See
also

http://interchange.redhat.com/archive/interchange-users/2001/msg01027.html
http://interchange.redhat.com/archive/interchange-users/2000/msg06737.html
http://interchange.redhat.com/archive/interchange-users/2000/msg06760.html

Any comments? Why did I lost carts and a new session id with
Non-Cookie-Browser, if the secure doman and the nonsecure domain is the
same? Or did I missing something?

Thanks!

Joachim Leidinger

-- 
Hans-Joachim Leidinger | Dipl.-Phys.Ing. Entwicklung eCommerce
[leidinger@bpanet.de] 
Black Point Arts Internet Solutions GmbH
http://www.bpanet.de