[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: Previous customer info showing

To: minivend-users@minivend.com
Subject: Re: Previous customer info showing
From: Kyle Cook <kyle@invisio.com>
Date: Tue, 10 Aug 1999 23:26:49 -0500
In-Reply-To: <19990810153512.A1123@maine.com>
References: <4.1.19990810142657.009f1650@invisio.com><4.1.19990810142657.009f1650@invisio.com>

Thanks Anthony,

I have found a good way to do it, but I would like to improve it
and can't seem to get the last part figured out:

The following works great, except that now no one can link to a page 
directly inside the catalog from a different domain. (they get booted
to the main index page while shedding the bad cart id)

[if session referer !~ /__SERVER_NAME__/]
[tag op=header]
Content-Type: text/html
Set-Cookie: foo
[/tag]
[set mv_no_session_id]1[/set]
[set mv_no_count]1[/set]
[tag op=header interpolate=1]
Status: 302 moved
Content-type: text/html
Location: http://__SERVER_NAME__
[/tag][set mv_no_cache]1[/set]
[/if]

I want to include a check in the above to allow the link
to work as long as there is no session id in the url that
was used to link here (if it came from a different domain)
or better yet, relink them to the same page minus the
cart id in the url!
I have tried the below (and a dozen other variations) with
no success:

it is embedded in comment tags to test in live site
(using $ref =~ instead of $ref !~ for testing purposes
so I can just refresh the page w/ out going to a different
domain and erasing cookies etc each time)

[if explicit]
[condition]
$id = '[data session id]';
$ref = '[data session referer]';
$serv = '__SERVER_NAME__';
return 1 if ($id && ($ref =~ /$serv/));
return 0;
[/condition]
It worked!
[/if]

The problem is that it never returns a true value.
it works fine if I set $ref = "www.myserver.com"
which is exactly the same as what
[data session referer] returns if I use it on the
page elsewhere. But for some reason in side
the [condition] tags it is not working.

To verify I tried the exact code inside of perl tags:

[perl interpolate=1]
$id = '[data session id]';
$ref = '[data session referer]';
$server = '__SERVER_NAME__';
return 1 if ($id && ($ref =~ /$serv/));
return 0;
[/perl]

and it worked (returned a 1)

Anyone know why the difference or a way around it?
As soon as I get it straightened out, I'll post the final
code to help others get around the search engine
spidering (while using WideOpen)

Thanks,
Kyle

At 03:35 PM 8/10/99 -0500, you wrote:
>******    message to minivend-users from "Mr. Anthony R.J. Ball" 
><ant@maine.com>     ******
>
>> The problem:
>> A certain un-named search type engine has apparently spidered
>> his site and is now driving lots of traffic there (again good)!
>> BUT, the url's they are using to point to products in the shop
>> are including the query string (which has the cart ID) so
>> when a visitor, via these links, comes to the store they see
>> the previous visitors name,address, etc (NOT CC of course)
>> 
>> So, what is the best way to combat this problem?
>> 
>> I have already asked the search engine to remove all references
>> to the query string (what ever good that may do) and I have set
>> the session expire to 2 hours with a crontab to also expire
>> every 2 hours for his catalog. His users do not "sign in" so
>> I don't need to keep their data anyway.
>> 
>> I had read that I could erase the info on the final page of the
>> checkout process but what is the last step? (receipt.html or 
>> report)
>
>  Receipt is the last page... put an init session in there and it'll
>blow everything away, I believe. 
>  One way to this might be to check the referer and turn off the session
>info in the query string if the referer is the web spider. I'm not sure
>how to turn off the session info in the url... but I know it's possible.
>
>You might want to just require cookies for your site and turn it off 
>permanently... but that's up to you.
>
>  Definately the easiest way to fix it.
>
>-- 
>
>Anthony Ball                                                ant@maine.com
>MaineStreet Communications, Inc        208 Portland Road, Gray, ME  04039
>tel:1.207.657.5078         fax:1.207.657.5048       http://www.maine.com/
>-
>To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
>email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
>Archive of past messages: http://www.minivend.com/minivend/minivend-list

http://www.invisio.com 
Web site design, database driven sites,
and shopping cart programming. 
Great sites, value priced!

References:
- Previous customer info showing
  - From: Kyle Cook <kyle@invisio.com>
- Re: Previous customer info showing
  - From: "Mr. Anthony R.J. Ball" <ant@maine.com>

Prev by Date: Running separate stores in single catalog (& ISP's)
Next by Date: Re: Running separate stores in single catalog (& ISP's)
Prev by thread: Re: Previous customer info showing
Next by thread: System performance
Index(es):
- Date
- Thread