Passing Cookie Data Through SSLServer.com

SearchSecurity.com defines a cookie as:

"...information that a Web site puts on your hard disk so that it can remember something about you at a later time. (More technically, it is information for future use that is stored by the server on the client side of a client/server communication.)"

Two of Internet Connection's products, netShop and RefTracker, use cookies to store information for and about your customers/visitors respectively. We will be using both of these products for the examples below.

The Secure Sockets Layer (SSL) is a protocol that allows data to be transferred securely over the web. This comes in handy when you need to collect information such as credit card numbers, social security numbers, etc.

Internet Connection has a dedicated secure data service, SSLServer.com, for use by its customers. If your site utilizes this service and relies on our certificate, i.e. your secure pages are accessed by a URL similar to this one:

https://sslserver.com/your-domain-name/page.html

you will have to take special steps to preserve your cookie data. If you have your own certificate and access your secure pages through a URL like this:

https://your-domain-name/page.html

you will not have to take these steps.

Domain Names and Cookies

Cookies, by their very nature, are associated with a certain domain name. Cookies set by one domain name cannot be read by another. If you use SSLServer.com, the transition from non-SSL to SSL causes the domain name to change, and any cookies associated with your domain name will become inaccessible from within SSL.

The steps required to preserve your cookie data involve extracting the data that is associated with your domain name, then creating new cookies with this information so that it may be read once inside SSL. This should be performed on the page where the transition from non-SSL to SSL is made. With netShop, this is usually the checkout page, checkout.shtml.

The code used to accomplish this looks like:

To better understand exactly what this does, we'll break this down in pieces. First, the section before the question mark:

<form method="POST" action="https://sslserver.com/your-domain-name/path/to/cart.cgi

simply defines what method the form is going to use and contains the URL to one of the cart-related scripts. Just supply your domain name and the path to your cart here. The next section, from the question mark to just before the ampersand, is part of the query string. This section:

?link-to=https://sslserver.com/your-domain-name/path/to/order.shtml

is the first command that will be processed by cart.cgi. Basically, cart.cgi will redirect the customer to the URL you provide here. As the page where this code will appear is not coming through SSL, the main purpose of this is to enter the SSL state so that you can collect customer information securely. As with the previous section of code, just supply your domain name and the path to your order form. The third section contains another command to be performed by cart.cgi. This part is responsible for extracting the current cookie data and creating a new cookie for use with the SSLServer.com domain name:

&set-cookie:cookie-name=<!--#exec cgi="/path/to/cart.cgi?get-cookie:cookie-name" -->">

Once again, the path to your cart is needed here as well as the name of the cookie(s) you want to extract/create, shown above in bold. It's at this point that you could rename the cookie associated with SSLServer.com. For example, if you're using the RefTracker and want to change the name of the cookie holding your customer's referrer information, you'd change set-cookie: like so:

&set-cookie:new-cookie-name=<!--#exec cgi="/path/to/cart.cgi?get-cookie:used_referer" -->">

If you weren't interested in changing the name of the cookie, you would use this:

&set-cookie:used_referer=<!--#exec cgi="/path/to/cart.cgi?get-cookie:used_referer" -->">

for the cookie used by the RefTracker. As mentioned above, netShop also uses cookies to store information. The contents of your customer's cart as well as other values such as tax and shipping are all stored in cookies. To extract these values and create new cookies for them as well, you would follow the example above to add a few more commands for cart.cgi to process. This line extracts the contents of the cookie containing your customer's cart:

&set-cookie:mycart=<!--#exec cgi="cart.cgi?get-cookie:mycart" -->

This line extracts the contents of the cookie containing your tax information:

&set-cookie:tax=<!--#exec cgi="cart.cgi?get-cookie:tax" -->

This line extracts the contents of the cookie containing your shipping information:

&set-cookie:shipping=<!--#exec cgi="cart.cgi?get-cookie:shipping" -->

If you combine them with the lines above, you would have something that looks like this:
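
An added example, not netShop's own code: a combined query string assembled from the commands above (with constructed cookie values), and a Python sketch of how a receiving script could process it. Everything in the query string is supplied by the browser, so the sketch only redirects to https URLs under this site's path on sslserver.com and only sets the cookie names it expects. The allowlists and function names are assumptions.

```python
from urllib.parse import quote, unquote, urlsplit

# Assumptions (not from netShop): accepted cookie names and redirect scope.
# "your-domain-name" is the page's own placeholder.
ALLOWED_COOKIES = {"used_referer", "mycart", "tax", "shipping"}
ALLOWED_HOST = "sslserver.com"
ALLOWED_PREFIX = "/your-domain-name/"

# Constructed sample: the page's commands combined, with made-up values.
SAMPLE_QUERY = ("link-to=https://sslserver.com/your-domain-name/path/to/order.shtml"
                "&set-cookie:used_referer=example-referrer"
                "&set-cookie:mycart=item1%3A2"
                "&set-cookie:tax=1.25&set-cookie:shipping=4.00")

def parse_commands(query):
    """Split the query into the link-to target and set-cookie:NAME=VALUE pairs."""
    link_to, cookies = None, {}
    for part in query.split("&"):
        key, sep, value = part.partition("=")
        if not sep:
            continue
        if key == "link-to":
            link_to = unquote(value)
        elif key.startswith("set-cookie:"):
            cookies[key[len("set-cookie:"):]] = unquote(value)
    return link_to, cookies

def safe_redirect(link_to):
    """Accept only https URLs on the shared SSL host, under this site's path."""
    if not link_to or any(ord(c) < 0x20 for c in link_to):
        return False  # missing target, or control characters (CR/LF) in it
    u = urlsplit(link_to)
    return (u.scheme == "https" and u.hostname == ALLOWED_HOST
            and u.path.startswith(ALLOWED_PREFIX) and ".." not in u.path)

def build_headers(query):
    """Return CGI response headers, or None if the redirect target is rejected."""
    link_to, cookies = parse_commands(query)
    if not safe_redirect(link_to):
        return None
    headers = []
    for name, value in cookies.items():
        if name not in ALLOWED_COOKIES:
            continue  # ignore cookie names this site never uses
        # Re-encode the value so it cannot break out of the header line;
        # the script that later reads the cookie must decode it.
        headers.append(f"Set-Cookie: {name}={quote(value, safe='')}; "
                       f"Path={ALLOWED_PREFIX}; Secure")
    headers.append(f"Location: {link_to}")
    return headers
```
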

Email and Web Hosting by Internet Connection 2004-2009 ©