MiniVend Akopia Services


Re: SSL problem: "No items in your basket" on many minivend sites



******    message to minivend-users from Joe Mazz <joemazz@earthlink.net>     ******

Thanks to everyone who responded to my question. Here I clarify for others
what worked for me, and ask questions about minivend cookies vs. session IDs
and what the risks are of using 'WideOpen Yes'.

William Tan wrote:
>1) I set IpHead to yes in minivend.cfg
>2) enabled Cookies in catalog.cfg
>3) and DomainTail to yes in minivend.cfg (contrary to what the docs say)

After setting these, but without 'WideOpen Yes' in catalog.cfg, my cart was
still getting dropped with SSL.

>Of course, there are other changes that I have made but nothing related to
>these I hope.

>Anyway, if your secure server and the non-secure server are different
>machines (or domain / IP)

This is my situation.

> your best bet is to use the WideOpen directive
>in catalog.cfg (I think the usage is : WideOpen    Yes)

Yes! This did the trick. Nothing else worked for me, without also setting this.
Thanks to William and others who pointed me at this.

>One thing I really don't understand is that for a POST request, the
>session id is already passed as a hidden field, why doesn't it get
>recognised.  In fact, I think only the shopping cart is dropped, where
>other things still remain.  Anybody care to explain?

I still wonder the same thing. Since there is a session ID in the minivend URLs,
why is a cookie also needed to maintain the session state with SSL (or without)?

A more important concern: Mike has a caution in the V3.12 README file
suggesting 'WideOpen Yes' is a security risk. Exactly what risk are we taking
using this directive? That is, we're running WideOpen to what?
If this is a significant risk, what is the preferred SSL checkout solution?

Thanks again to all.
This is one of the most supportive groups I have encountered.

-Joe

-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list

