Need Help! Kinda difficult, any help would be appreciated

[Derek Williams]

I have developed an ASP shopping cart system, I use Session variables to
store all my cart information. now here is the problem, this guy can not
afford an SSL Cert, so it was provided to us from the service provider.
its on a different URL and server than the site itself, when I try to checkout
to the secure site, i get an error saying there is nothing in the cart.
What I don't get is that Session variables are client side dependent and
I don't see why it doesn't work. If anyone knows how to get this to work
correctly or has had the same problem and fixed it then e-mail me or respond
to the newsgroup.

Thanks in advance,
Derek

[Dan]

Session variables are generated by a web server using cookies. Cookies are
unique to a website. So the session variables set by your website are completely
invisible to any other website. I'm 99% sure this barrier cannot be broken.

You can use hidden form fields as an alternative to session variables, but
I think it would get ugly pretty fast with a complex application such as
yours.

Dan

>What I don't get is that Session variables are client side dependent and
>I don't see why it doesn't work. If anyone knows how to get this to work
>correctly or has had the same problem and fixed it then e-mail me or respond
>to the newsgroup.
>
>Thanks in advance,
>Derek
>
>

[Derek]

I was pretty sure I would be unable to do this, my only other option is for
this guy to by an SSL Cert so that all the pages can remain on this perticular
server. Oh, is there any way to write a Permanet cookie with ASP on the
Clients hard drive? I assume that would bring up security issues. Let me
know.

"Dan" <dan.clem@trilogynetworks.com> wrote:
>
>Session variables are generated by a web server using cookies. Cookies are
>unique to a website. So the session variables set by your website are completely
>invisible to any other website. I'm 99% sure this barrier cannot be broken.
>
>You can use hidden form fields as an alternative to session variables, but
>I think it would get ugly pretty fast with a complex application such as
>yours.
>
>Dan
>
>>What I don't get is that Session variables are client side dependent and
>>I don't see why it doesn't work. If anyone knows how to get this to work
>>correctly or has had the same problem and fixed it then e-mail me or respond
>>to the newsgroup.
>>
>>Thanks in advance,
>>Derek
>>
>>
>

[Dan]

This should help. I think when it's all said and done, your client will need
their own SSL certificate.

http://www.cookiecentral.com/faq/#4.5

Dan

"Derek" <dwilliamssprint@earthlink.net> wrote:
>
>I was pretty sure I would be unable to do this, my only other option is
for
>this guy to by an SSL Cert so that all the pages can remain on this perticular
>server. Oh, is there any way to write a Permanet cookie with ASP on the
>Clients hard drive? I assume that would bring up security issues. Let
me
>know.
>

[Devin Knutson]

Cookies won't help either as cookies written from one domain are
inaccessible to any other domain, and https qualifies as a different
domain.

You should really only have to build one page with hidden form elements;
the final page before entering the secure area. On that page, list all
your cart contents as hidden form elements and pass them to the secure
area. Once in the secure area, simply write them back to session variables
if you want, or devise another strategy for the secure area if you wish.

HTH

--
Devin Knutson
Senior Developer
WebNW, LLC
http://www.webnw.com
http://www.mp3.com/DevinK
_______________________________________________________
Never leave your bowling balls in the freezer.

[Derek]

Devin,

So I need to make all my checkout links point to a page, and on that
page I can collect the cookie information, write it out in hidden fields,
and then POST that page to the secure page and then call them by using Request.Form("field
name"), does this sound right so far? The only problem I see with this is
that there could be any number of items, but I do have a 10 Item limit for
the cart, so I think i will just do Request.Form 10 times and then turn it
back in to sessions. Thanks for you help Devin, I appreciate it. Hopefully
I will be able to maintain organization of the data.

Thanks,
Derek "Dubb" Williams
Independent Contractor
http://66.1.78.99/MySite

"Devin Knutson" <devin@_NOSPAM_webnw.com> wrote:
>Cookies won't help either as cookies written from one domain are
>inaccessible to any other domain, and https qualifies as a different
>domain.
>
>You should really only have to build one page with hidden form elements;
>the final page before entering the secure area. On that page, list all
>your cart contents as hidden form elements and pass them to the secure
>area. Once in the secure area, simply write them back to session variables
>if you want, or devise another strategy for the secure area if you wish.
>
>HTH
>
>--
> Devin Knutson
> Senior Developer
> WebNW, LLC
> http://www.webnw.com
> http://www.mp3.com/DevinK
> _______________________________________________________
> Never leave your bowling balls in the freezer.
>

[Devin Knutson]

"Derek" <dwilliamssprint@earthlink.net> wrote in message
news:3baeaa50$1@news.devx.com...
>
> So I need to make all my checkout links point to a page, and on that
> page I can collect the cookie information, write it out in hidden fields,
> and then POST that page to the secure page and then call them by using
Request.Form("field
> name"), does this sound right so far?

Pretty much. I generally just make the "Checkout" button (usually on the
View Cart page) post directly to the secure area with the cart contents.

> The only problem I see with this is
> that there could be any number of items, but I do have a 10 Item limit
for
> the cart, so I think i will just do Request.Form 10 times and then turn
it
> back in to sessions.

Since all of my carts run from the database, I usually include a count of
how many line items are in the cart, and then name all the cart elements
the same. So, something like:

<%
Do While Not rsCart.EOF
X = X + 1
%>
<INPUT TYPE="Hidden" NAME="sku<%=X%>" VALUE="<%=rsCart("sku")%>">
<INPUT TYPE="Hidden" NAME="qty<%=X%>" VALUE="<%=rsCart("qty")%>">
<%
rsCart.MoveNext
Loop
%>
<INPUT TYPE="Hidden" NAME="ItemCount" VALUE="<%=X%>">


'===Then on the receiving page in the secure area:
For X = 1 To Request.Form("ItemCount")
Session("Sku" & X) = Request.Form("sku" & X)
Session("qty" & X) = Request.Form("qty" & X)
Next


I hardly ever use Session variables anymore, but this should work for a
quick down-n-dirty solution, as long as you aren't expecting tons of
traffic on a small amount of hardware. :-)

> Thanks for you help Devin, I appreciate it.

No problem!

--
Devin Knutson
Senior Developer
WebNW, LLC
http://www.webnw.com
http://www.mp3.com/DevinK
_______________________________________________________