NAVIGATION
CATEGORIES
REFERRENCE
LINKS
CookieName directive fails
1 answers - 2661 bytes -
I'm having trouble getting CookieName to work on a "merchant network"
consisting of about 40 catalogs.
We use IC 5.2.
We are trying to use CookieName in order to avoid "cross merchant shoppers"
from getting dropped cart contents when they shop at one merchant and then
go on to shop at another merchant (cookie is the same standard
MV_SESSIN_ID).
Testing on a single catalog, the directive worked K.
Applying the directive to all catalogs and restarting IC resulted in total
disaster.
What appears to happen is that the cookie would generate on the first
merchant you hit (e.g. ::
MV_1001_SESSIN_ID :: 5v8YXA8Z).
Hit another merchant (e.g. ) and it would
not generate a new cookie resulting in:
A) the "You must have cookies set " message
B) some bizarre and strictly numeric session id for
(e.g. 81234)
C) screwed up cart and session info
In fact, one user reported getting someone elses billing and shipping
address info pre-populated in the checkout routines!
All catalogs use the same secure server via an alias for checkout routines.
E.g.
=secure.secure_server_name.com
=secure.secure_server_name.com
Etc.
All merchant catalog names are numeric (1001, 1002 1040)
All catalogs use a single set of pages, templates etc. via symlinks to an
"admin catalog" (e.g. /var/lib/interchange/1020/pages ->
/).
Most of the dynamic tables (products, transactions, orderline and so on) are
global via symlinks (records are identified with the merchant_id).
This setup has been working fine for years now.
Here is a typical pre CookieName directive excerpt from one of the
catalog.cfg files:
Variable MERCHANT_ID 1001
Cookies Yes
SessionExpire 30 minutes
W Yes
With the CookieName directive it would look like:
Variable MERCHANT_ID 1001
Cookies Yes
CookieNameMVMERCHANT_IDSESSIN_ID
SessionExpire 30 minutes
W Yes
The cart has the standard:
[calc]
my $cname = $Config->{CookieName} || 'MV_SESSIN_ID';
$Scratch->{have_cookie} = $Tag->read_cookie($cname)
and delete $Scratch->{tried};
return;
[/calc]
[if scratch have_cookie]
[elsif scratch tried]
[L CART_MSG1]You must have cookies set to leave the basket.
Check out now or forever lose your shopping cart.[/L]
[/elsif]
[else]
[set tried]1[/set]
[bounce href="[area ord/basket]"]
[/else]
[/if]
Does anyone have a clue why this is not working?
Regards,
Bruno Cantieni
interchange-users mailing list
interchange-users (AT) icdevgroup (DOT) orgNo.1 | | 1855 bytes |
| 
Fri, 22 Jul 2005, Bruno Cantieni wrote:
I'm having trouble getting CookieName to work on a "merchant network"
consisting of about 40 catalogs.
[snip]
With the CookieName directive it would look like:
Variable MERCHANT_ID 1001
.
.
Cookies Yes
CookieNameMVMERCHANT_IDSESSIN_ID
I presume you have ParseVariables Yes before those directives, right?
I've not used CookieName before, but from looking at the code is would
appear that you need to also set a CookiePattern. See Vend::Dispatch:
elsif ($::Instance->{CookieName} and defined $CGI::cookie) {
$CGI::cookie =~ m{$::Instance->{CookieName}=($Vend::Cfg->{CookiePattern})};
$seed = $sessionid = $1;
$::Instance->{ExternalCookie} = $sessionid || 1;
$Vend::CookieID = $Vend::Cookie = 1;
}
elsif (defined $CGI::cookie and
$CGI::cookie =~ /\bMV_SESSIN_ID=(\w{8,32})
[:_] (
( \d{1,3}\. # An IP ADDRESS
\d{1,3}\.
\d{1,3}\.
\d{1,3})
# A user name or domain
| ([A-Za-z0-9][-\@A-Za-z.0-9]+) )?
\b/x)
{
$sessionid = $1
unless defined $CGI::values{mv_pc} and $CGI::values{mv_pc} eq 'RESET';
$CGI::cookiehost = $3;
$CGI::cookieuser = $4;
$Vend::CookieID = $Vend::Cookie = 1;
}
If you set CookieName, then a different code block is called which
requires a CookiePattern (a regular expression). If you don't set
CookieName, a hard-coded cookie pattern is used, in the next block.
Interestingly, the $CGI::cookiehost and $CGI::cookieuser won't be set if
you use a custom CookieName, and the mv_pc=RESET trick to clear your
session for testing won't work either. I think those could be considered
bugs.
I'm interested to hear if setting CookiePattern fixes your problem.
HTH,
Jon
QUESTION ON "Networking"
- hbb'any' on Solaris 10?
- RSVP and OSPF patches
- 2k3/xp System File Checker
- Detecting ISO Encoded Subjects
- SUMMARY: BGP Full route table or just default?
- Why do I need a dot at the end of my lookup?
- Snap Backup behind Firewall
- The Cidr Report
- 3750 problem
- Error getting data from database
- rfc3920 document: use of TLS
- 6509 Interface Question
- bincdrop - a (courier) maildrop replacment
- ldap newbie again
- Deleting mailbox problem
- Move SLAPI in an overlay...
- Exim and FreeBSD
- MCI billing fraud ... again
- Design question
- Got SQL? Vadmin: not just for VMailMgr any more.