secure/insecure question


    secure/insecure question

    Hi folks --

    I've written a custom module for a store that has some products that can't be shipped to certain states. The module checks the basket contents when the customer goes from OCST to OSEL. If any restricted items are in the basket, the module redirects them to the BASK page by changing the value of g.Screen. It also displays an error message, and highlights the restricted item(s) so the customer can click the Remove button(s).

    The problem is that this redirect occurs with an https URL, since it's coming off a checkout page. So when the customer clicks a Remove button, they get that warning box about going from a secure page to an insecure one. I must admit that I'm a little unclear on the finer points of the secure/insecure transitions, and on how they've changed in newer versions of Miva. So I could use some help getting a clean solution for this.

    My best idea is to replace the form tags for the Remove and Update-quantity forms with an if/else, about like this:

    Code:
    <mvt:if expr="('https' IN s.documenturl) EQ 1">
      <form method="post" action="&mvt:global:secure_sessionurl;">
    <mvt:else>
      <form method="post" action="&mvt:global:sessionurl;">
    </mvt:if>
    Is there a better way? Can I just use secure_sessionurl here, without the if/else? Or will that cause other problems?

    Thanks --
    Last edited by Kent Multer; 03-19-12, 10:36 PM.
    Kent Multer
    Magic Metal Productions
    http://TheMagicM.com
    * Web developer/designer
    * E-commerce and Miva
    * Author, The Official Miva Web Scripting Book -- available on-line:
    http://www.amazon.com/exec/obidos/IS...icmetalproducA
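
The warning described in the post above is raised when a form on an https page submits to an http action. As an added example (not part of the original thread, and not Miva code), this Python check scans rendered page HTML for such forms; the store URL and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionCollector(HTMLParser):
    """Collect (method, action) for every <form> start tag in a page."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            method = (a.get("method") or "get").lower()
            self.forms.append((method, a.get("action") or ""))


def downgrading_forms(page_url, html):
    """Return (method, target) for forms on an https page that submit to http."""
    if urlsplit(page_url).scheme != "https":
        return []  # page is not secure, so there is no secure-to-insecure step
    collector = FormActionCollector()
    collector.feed(html)
    findings = []
    for method, action in collector.forms:
        # Empty and relative actions resolve against the page URL and stay https.
        target = urljoin(page_url, action)
        if urlsplit(target).scheme == "http":
            findings.append((method, target))
    return findings


# Constructed sample: a basket page reached over https after a checkout step.
PAGE_URL = "https://store.example/mm5/merchant.mvc?Screen=BASK"
SAMPLE_HTML = """
<form method="post" action="http://store.example/mm5/merchant.mvc">
  <input type="submit" value="Remove">
</form>
<form method="post" action="https://store.example/mm5/merchant.mvc">
  <input type="submit" value="Update">
</form>
<form method="get" action="/mm5/merchant.mvc"><input name="Search"></form>
"""

if __name__ == "__main__":
    for method, target in downgrading_forms(PAGE_URL, SAMPLE_HTML):
        print(f"{method.upper()} form on {PAGE_URL} submits to {target}")
```

Only the first form in the sample is reported; the absolute https action and the relative action both stay on the secure origin.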

    #2
    Re: secure/insecure question

    Is it necessary to have the basket being edited secure? It wasn't evident from your post if there was information being passed to the basket that needed SSL encryption. We allow editing from any checkout page and always link to a non-secure basket page without transition issues.



      #3
      Re: secure/insecure question

      No, the BASK page doesn't have to be secure. But by the time my module changes g.Screen, the store is already processing the ORDR action, which means it was called by the secure URL on the way to the OSEL page. I don't think there's a way to change it to insecure at that time, except by fiddling around with some kind of redirect, which would be even klunkier than what I've got now :^) .

      Thanks --
      Kent Multer
      Magic Metal Productions
      http://TheMagicM.com
      * Web developer/designer
      * E-commerce and Miva
      * Author, The Official Miva Web Scripting Book -- available on-line:
      http://www.amazon.com/exec/obidos/IS...icmetalproducA



        #4
        Re: secure/insecure question

        Your original idea should work and seems more intuitive than having every edited basket become secure.



          #5
          Re: secure/insecure question

          Redirecting to the basket from secure to non-secure mode should be perfectly acceptable and will bypass the transition problems.

          If you output this at the point you discover the item, the client browser will immediately redirect to the basket page.
          If you pass an additional parameter then you can test for it on the basket page and display a prompt or take other appropriate action.

          Code:
          <MvASSIGN NAME = "l.url" VALUE="{ g.sessionurl $ 'screen=BASK&store_code=' $ encodeattribute(g.store_code) }">
          <MvASSIGN NAME = "l.void" VALUE="{ miva_output_header( 'Status', '302 Found' ) }">
          <MvASSIGN NAME = "l.void" VALUE="{ miva_output_header( 'Location', l.url ) }">
          <MvFUNCTIONRETURN VALUE="{ 1 }">
          Ray Yates
          "If I have seen further, it is by standing on the shoulders of giants."
          --- Sir Isaac Newton



            #6
            Re: secure/insecure question

            Thanks guys, this is great info.
            Kent Multer
            Magic Metal Productions
            http://TheMagicM.com
            * Web developer/designer
            * E-commerce and Miva
            * Author, The Official Miva Web Scripting Book -- available on-line:
            http://www.amazon.com/exec/obidos/IS...icmetalproducA



              #7
              Re: secure/insecure question

              Interesting. Let me see if I understand this. If someone visits a page as https that should be http, you can test for the documenturl and if it is https, create a 301 redirect. You get no error message from the sending page because it shows https in the link. But the page resets everything to non-secure so you don't get warnings on that page. Cool.
              Bill Weiland - Emporium Plus http://www.emporiumplus.com/store.mvc
              Online Documentation http://www.emporiumplus.com/tk3/v3/doc.htm
              Question http://www.emporiumplus.com/mivamodu...vc?Screen=SPTS
              Facebook http://www.facebook.com/EmporiumPlus
              Twitter http://twitter.com/emporiumplus



                #8
                Re: secure/insecure question

                Yes, since you are not posting anything (you already posted when the page was submitted) the browser won't complain. You are just telling the browser to switch to a new page.

                Also use the 302 redirect instead of 301. That's what it's for.

                To demonstrate I set up a page called redirect. Click this secure link.
                https://www.kiyonna.com/Merchant2/me...creen=redirect

                This was done in Toolbelt but it works in Toolkit and MivaScript just as well.

                Code:
                <mvt:item name="ry_toolbelt" param="assign|g.url|g.sessionurl $ 'screen=BASK&store_code=' $ encodeattribute(g.store_code)" />
                <mvt:item name="ry_toolbelt" param="assign|g.ok|miva_output_header( 'Status', '302 Found' )" />
                <mvt:item name="ry_toolbelt" param="assign|g.ok|miva_output_header( 'Location', g.url )" />
                Last edited by RayYates; 03-21-12, 11:52 AM.
                Ray Yates
                "If I have seen further, it is by standing on the shoulders of giants."
                --- Sir Isaac Newton
