The Secure Sockets Layer (SSL) is a protocol that allows data to be transferred securely over the web. This comes in handy when you need to collect information such as credit card numbers, social security numbers etc.Internet Connection has a dedicated secure data service, SSLServer.com for use by it's customers. If your site utilizes this service and relies on our certificate, i.e. your secure pages are accessed by a URL similar to this one:
https://sslserver.com/your-domain-name/page.htmlyou will have to take special steps to preserve your cookie data. If you have your own certificate and access your secure pages through a URL like this:
https://your-domain-name/page.htmlyou will not have to take these steps.
Cookies, by their very nature, are associated with a certain domain name. Cookies set by one domain name cannot be read by another. If you use SSLServer.com, the transisiton from non-SSL to SSL causes the domain names to change and any cookies associated with your domain name will become inaccessible from within SSL.
The steps required to preserve your cookie data involve extracting the data that is associated with your domain name, then creating new cookies with this information so that it may be read once inside SSL. This should be performed on the page where the transition from non-SSL to SSL is made. With netShop, this is usually the checkout page, checkout.shtml.
The code used to accomplish this looks like:
To better understand exactly what this does, we'll break this down in pieces. First, the section before the question mark:
<form method="POST" action="https://sslserver.com/your-domain-name/path/to/cart.cgisimply defines what method the form is going to use and contains the URL to one of the cart-related scripts. Just supply your domain name and the path to your cart here. The next section, from the question mark to just before the ampersand, is part of the query string. This section:
?link-to=https://sslserver.com/your-domain-name/path/to/order.shtmlis the first command that will be processed by cart.cgi. Basically, cart.cgi will redirect the customer to the URL you provide here. As the page where this code will appear is not coming through SSL, the main purpose of this is to enter the SSL state so that you can collect customer information securely. Like the the previous section of code, just supply your domain name and the path to your order form. The third section contains another command to be performed by the cart.cgi. This part is responsible for extracting the current cookie data and creating a new cookie for use with the SSLServer.com domain name:
&set-cookie:cookie-name=<!--#exec cgi="/path/to/cart.cgi?get-cookie:cookie-name" -->">Once again, the path to your cart is needed here as well as the name of the cookie(s) you want to extract/create, shown above in bold. It's at this point that you could rename the cookie associated with SSLServer.com. For example, if you're using the RefTracker and want to change the name of the cookie holding your customer's referrer information, you'd change set-cookie: like so:
&set-cookie:new-cookie-name=<!--#exec cgi="/path/to/cart.cgi?get-cookie:used_referer" -->">If you weren't interested in changing the name of the cookie, you would use this:
&set-cookie:mycart=<!--#exec cgi="cart.cgi?get-cookie:mycart" -->This line extracts the contents of the cookie containing your tax information:
&set-cookie:tax=<!--#exec cgi="cart.cgi?get-cookie:tax" -->This line extracts the contents of the cookie containing your shipping information:
&set-cookie:shipping=<!--#exec cgi="cart.cgi?get-cookie:shipping" -->
If you combine them with the lines above, you would have something that looks like this: