[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ic] CookieName directive fails

I'm having trouble getting CookieName to work on a "merchant network"
consisting of about 40 catalogs.
We use IC 5.2.
We are trying to use CookieName in order to avoid "cross merchant shoppers"
from getting dropped cart contents when they shop at one merchant and then
go on to shop at another merchant (cookie is the same standard
MV_SESSION_ID).
Testing on a single catalog, the directive worked OK.
Applying the directive to all catalogs and restarting IC resulted in total
disaster.
What appears to happen is that the cookie would generate on the first
merchant you hit (e.g. merchant1.secure_server_name.com ::
MV_1001_SESSION_ID :: 5v8YXA8Z).
Hit another merchant (e.g. merchant2.secure_server_name.com) and it would
not generate a new cookie resulting in:
A) the "You must have cookies set .. " message
B) some bizarre and strictly numeric session id for
merchant2.secure_server_name.com (e.g. 81234)
C) screwed up cart and session info
In fact, one user reported getting someone elses billing and shipping
address info pre-populated in the checkout routines!

All catalogs use the same secure server via an alias for checkout routines.
E.g.
merchant1.secure_server_name.com => secure.secure_server_name.com
merchant2.secure_server_name.com => secure.secure_server_name.com
Etc.
All merchant catalog names are numeric (1001, 1002 .. 1040)
All catalogs use a single set of pages, templates etc. via symlinks to an
"admin catalog" (e.g. /var/lib/interchange/1020/pages ->
/var/lib/interchange/admin/pages).
Most of the dynamic tables (products, transactions, orderline and so on) are
global via symlinks (records are identified with the merchant_id).
This setup has been working fine for years now.

Here is a typical pre CookieName directive excerpt from one of the
catalog.cfg files:
Variable    MERCHANT_ID        1001
.
.
Cookies Yes
SessionExpire  30 minutes
WideOpen       Yes

With the CookieName directive it would look like:
Variable    MERCHANT_ID        1001
.
.
Cookies Yes
CookieName	MV___MERCHANT_ID___SESSION_ID
SessionExpire  30 minutes
WideOpen       Yes

The cart has the standard:
	[calc]
		my $cname = $Config->{CookieName} || 'MV_SESSION_ID';
		$Scratch->{have_cookie} = $Tag->read_cookie($cname)
			and delete $Scratch->{tried};
		return;
	[/calc]
	[if scratch have_cookie]
	[elsif scratch tried]
    		[L CART_MSG1]You must have cookies set to leave the basket.
Check out now or forever lose your shopping cart.[/L]
	[/elsif]
	[else]
		[set tried]1[/set]
		[bounce href="[area ord/basket]"]
	[/else]
	[/if]

Does anyone have a clue why this is not working?

Regards,
Bruno Cantieni

_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.