Author |
Topic |
|
dandlyin
VP-CART New User
USA
73 Posts |
Posted - February 10 2006 : 09:48:07
|
RE: V 6.07 on windows server
At the completion of an order, if one clicks on the top buttons or side navigation links, he/she remians in secure mode. I noticed this also happened when I ordered the FedEx realtime add-on from the VP-ASP site. Those links are relative in my setup, which is the logical arrangment. If one clicks on the 'Return to the homepage' text link, the system breaks out of secure mode but we can't count on them to do so. I am using 'shopdisplaycategories.asp' for xcontinueshopping and 'Yes' for xcontinueshoppingdynamic (to try to return to the last url), if that matters. The first solution I can see is to make all the links absolute, which seems a poor technique. The second is to make shopthanks.asp a 'continue' page, lacking the normal page headers, etc., which would force a return to non-secure mode. Is there a better way? Thanks, Dan Dotson
|
|
dandlyin
VP-CART New User
USA
73 Posts |
Posted - February 10 2006 : 10:02:30
|
I commented out line 84 in shopthanks.asp, eliminating the presentation of normal headers. This forces a click on the 'return to home page' link. It's not pretty but it works. If anyone has a better solution, I would like to hear it. Thanks, Dan |
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - February 10 2006 : 13:21:20
|
we've got a "domain tools" addon which isn't officially for-sale yet (ie we haven't packaged it up yet, but it all works really nicely and have been using it on loads of vpasp sites), where you can specify a list of all the asp files that you want to force ssl onto, and a function which automatically redirects you on/off ssl according to which page you're on; it means that you don't need to change any of your links (as long as your links are relative and not absolute) and can instead just add the new function to your shop$db.asp file to do the necessary jumping-about and set whatever pages you want in your "ssl page list" config file.
is that what you're after ?
if anyone else would also find this useful, can you post here so that we can get an idea of demand for it ? (and how much people'd be prepared to pay, if you're feeling very generous in giving out your thoughts on that aspect!)
Simon Barnaby Developer [email protected] www.BigYellowZone.com Web Design, Online Marketing and VPASP addons |
|
|
dandlyin
VP-CART New User
USA
73 Posts |
Posted - February 10 2006 : 13:50:21
|
shopthanks.asp must be kept secure or MSIE whines about insecure items. I don't think your add-on solves my problem- but correct me if I'm wrong. Thank you, Dan |
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - February 10 2006 : 14:16:58
|
I think it'd solve the problem; if someone tried to access shopthanks on a non-ssl url then it'd automatically redirect them to the ssl.
the redirection would happen before any of the shopthanks.asp stuff is done (ie from shop$db.asp).
you'd set shopthanks.asp as one of the ssl files in your ssl-page-list config file, and just leave all your other links as they are (ie relative, not absolute), that'd force shopthanks.asp to always be loaded on ssl, but all other pages to force you off ssl.
if one of your links points to, say, "https://blah.com/mypage.asp" when you're on the shopthanks page (ie a relative link on an ssl page to a non-ssl page), then as long as "mypage.asp" isn't in your list of ssl pages, the tool will automatically force you onto "http://blah.com/mypage.asp" after you've clicked on the link; I think that's the problem that you were unsure about on your reply above; hope that helps clarifies a bit.
Simon Barnaby Developer [email protected] www.BigYellowZone.com Web Design, Online Marketing and VPASP addons |
Edited by - devshb on February 10 2006 14:56:47 |
|
|
dandlyin
VP-CART New User
USA
73 Posts |
Posted - February 10 2006 : 16:42:13
|
OK, I can see where it might work. Have you seen this as a problem on other sites? I suppose this is unique to this new version. I really think it should be fixed in the package, not with an add-on but I'm satisfied with my solution until then. BTW, I added this line after the original Line 84: response.write "<html><HEAD><link href=""stylesheets/shop.css"" rel=""stylesheet"" type=""text/css""></HEAD><body>" It keeps the HTML correct and the plain page from being too plain. I also killed the following line: 'Shopthanksprint because the plain page is already printer friendly. The only way out is through the link to shopend.asp, which kills the secure process. Thank you for your replies. Dan |
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - February 10 2006 : 18:29:32
|
yep; I've seen it on lots of sites; it's a generic problem/issue for any site (not just vpasp). whether it's perceived as a bug in cart/site software or a more general/higher-level/generic aspect that you'd want a separate tool for is up for debate I guess, but personally I'd see it as a generic problem which you'd have a tool for.
there's a similar problem of when people jump from "http://www.blah.com" to "http://blah.com" (or vice-versa) where your cookies get treated as-if they're on a separate domain, hence you end up losing your cart contents. again, that's a generic problem with all sites.
our tool deals with both those aspects, and is pretty generic asp so could also be used in other (non-vpasp) asp applications.
these problems are quite involved; it took us ages to define generic solutions that'd work for all the various setups etc (we've spent a lot of time over the years investigating and fixing these kinds of problems; they can sometimes be quite nasty and cause lots of dropped carts)
Simon Barnaby Developer [email protected] www.BigYellowZone.com Web Design, Online Marketing and VPASP addons |
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
|
|
Topic |
|