MiniVend Akopia Services


Re: WideOpen can cause problems!



At 01:22 PM 8/14/99 -0400, you wrote:
>******    message to minivend-users from mikeh@minivend.com     ******
>
>****** message to minivend-announce from mikeh@minivend.com******
>
>Quoting mikeh@minivend.com (mikeh@minivend.com):
>> ******    message to minivend-users from mikeh@minivend.com     ******
>> 
>> Quoting Kyle Cook (kyle@invisio.com):
>> > ******    message to minivend-users from Kyle Cook <kyle@invisio.com>    ******
>> > 
>> > WideOpen, it can cause problems!
>> > 
>> > Specifically, I have a shop that is running WideOpen
>> > because that was the only way I could prevent
>> > the cart contents from being dropped when switching
>> > to the secure checkout page (which is a different domain)
>> > 
>> 
>> If you are going to run WideOpen, it is wise to set in catalog.cfg:
>> 
>> 	SessionExpire  10 minutes
>> 
>> The best thing to do is not run WideOpen, but...perhaps I can do
>> something about this.
>> 
>
>Stupid me -- as well as changing the SessionExpire to a lower number,
>you should change this in bin/minivend:
>

Got the code, thanks Mike!
One more question/suggestion if you don't mind:
 
What do you think about the following change though?
(Not tried yet)

The only line I added was:
undef $sessionid unless defined $Vend::Session->{'version'}; # Don't use outside id's if they don't exist in session file


# bin/minivend near line 2353 +/- (I've changed a few other things)

    if (defined $CGI::query_string && $CGI::query_string ne '') {
		($sessionid, $argument, $rest) = split(/;/, $CGI::query_string);
		if ($CGI::cookie =~ /\bMV_SESSION_ID=(\w{8,32})
								[:_] (
									(	\d{1,3}\.   # An IP ADDRESS
										\d{1,3}\.
										\d{1,3}\.
										\d{1,3})
									# A user name or domain
									|	([A-Za-z0-9][-\@A-Za-z.0-9]+) )?
									\b/x) {
			$sessionid = $1 unless defined $rest && $rest eq 'RESET';
			$CGI::cookiehost = $3 || undef;
			$CGI::cookieuser = $4 || undef;
		}
		else {
			$sessionid =~ /^\w{8}$/ or undef $sessionid;
			undef $sessionid unless defined $Vend::Session->{'version'}; # Don't use outside id's if they don't exist
		}
		$argument =~ s/%([A-Fa-f0-9]{2})/chr(hex($1))/eg
			if $Vend::Cfg->{NewEscape};
		$Vend::Argument = $argument;
    }



Do you think that would prevent outside links that contained a cart
id number from using that number? 
I think it should, and will try it, but wanted to check with the guru
first because I'm still learning the fine points of your great program!
(If the above flattery does not work, where do I send the beer? :)

Thanks,
Kyle


http://www.invisio.com 
Web site design, database driven sites,
and shopping cart programming. 
Great sites, value priced!
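
The check proposed in the message above (ignore a session id taken from the URL unless the server already holds a session for it), as a stand-alone Perl example added here; it is not MiniVend code and not from the original post. `%session_store`, `new_session_id` and `resolve_session_id` are hypothetical names, and the in-memory hash is an assumed stand-in for the session file.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the session file: id => stored session data.
my %session_store = (
    'aB3dE6gH' => { version => 1 },
);

# Hypothetical helper: build a fresh 8-character id from the OS random source.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "no random source: $!";
    my @chars = ('A'..'Z', 'a'..'z', '0'..'9');
    my $id = '';
    while (length($id) < 8) {
        read($fh, my $byte, 1) == 1 or die "short read from /dev/urandom";
        my $n = ord $byte;
        $id .= $chars[$n % 62] if $n < 248;   # drop 248..255 to avoid modulo bias
    }
    close $fh;
    return $id;
}

# Decide which session id a request gets. $query is the raw query string
# in the "sessionid;argument;rest" form that the code above splits on ';'.
sub resolve_session_id {
    my ($query) = @_;
    my ($candidate) = split /;/, ($query // ''), 2;
    # Format check first (\A..\z also rejects a trailing newline), then
    # accept only ids for which the server already holds a session.
    if (defined $candidate
        && $candidate =~ /\A\w{8}\z/
        && exists $session_store{$candidate}) {
        return ($candidate, 'existing');
    }
    # Unknown or malformed id: never adopt it, start a clean session.
    return (new_session_id(), 'new');
}

# Constructed sample requests: a known id, an unknown id, a malformed id, none.
for my $q ('aB3dE6gH;scan/se=shoes', 'ZZZZ9999;checkout', '../../etc;x', '') {
    my ($id, $how) = resolve_session_id($q);
    printf "%-26s -> %s session%s\n", "'$q'", $how,
        $how eq 'existing' ? " $id" : '';
}
```

An existence check alone cannot tell the rightful client from someone else presenting a live id; the short `SessionExpire` recommended earlier in the thread limits how long such an id stays usable.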


