Jamie Neil wrote:
Jamie Neil wrote:We've been having intermittent reports of checkout problems in the last few months (since the site started to get busy), but haven't been able to pin it on anything.However today I traced a particular checkout problem through the logs and realised that the session id was changing as the user went from the insecure pages to the secure ones. I thought I'd tested this pretty thoroughly, but obviously not thoroughly enough :(So I did some tests, and this is what I found: 1) If cookies are enabled then everything works fine.2) If cookies are disabled then everything is ok in the normal part of the site - all the URLs have session ids and the basket works fine. But as soon as you enter a secure page, the session is dropped and all subsequent links have a new session id.3) If you continue with this new session after the basket has been dropped then the session seems to stick - entering secure pages no longer drops the session id.I've checked this on both our live (4.9.7) and development (5.0) servers; IE6 and Mozilla; Mall No and Yes; FullUrl No and Yes; same problem in all cases.Our URLs are www.sitename.com for both normal and secure pages, and we use Apache rewrites to map / to /cgi-bin/catalog.I hope that the number of people who have cookies disabled is relatively small, but I'm concerned that this is may also be affecting users with cookies enabled who are browsing through a proxy farm.I'm going to have a go at removing the URL rewriting to see if that makes a difference, but after that I'm stumped :(Removing the URL rewriting has no effect either.However when I set the catalog to WideOpen it works fine. Don't really feel comfortable running like that though - makes me feel exposed ;)
Also tried: 1) DomainTail Off and IpHead On 2) HostnameLookups On Neither solved the problem.Still can't understand why the session sticks the second time but not the first.
-- Jamie Neil | <suppressed> | 0870 7777 454 Versado I.T. Services Ltd. | http://versado.net/ | 0845 450 1254 _______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.