uShop English (U.S.) for 179!

uStorekeeper English (U.S.) for 149!

 Products
       uTest
       uReserve
       uShop
       uStorekeeper
       uGolf
       uDirectory
       uSignIn
 Tech Support
       Support Policy
       Knowledge Base
            uTest
            uReserve
            uShop
            uStorekeeper
            uGolf
            uDirectory
            uSignIn
       Documentation
       Reference Sites
 Legal
       Software Piracy
       Legal Notices
       Privacy Policy
       Licensing
 Miscellaneous
       Reseller Info
       Contact Us
       Site Map
Log In Login Screen Randomly Displayed During Order Process

Knowledge Base Lobby : uShop Support Conference : CGI Script Related Problems
Dec-16-17 11:58 AM EST
Original Message
Log In Login Screen Randomly Displayed During Order Process
Author Microburst Support Team on 02-19-2004 at 09:56 (EST)
It appears that the latest IE6 Security patch causes intermittent POST failures such that uShop receives a blank command POSTed to it, and then the Log In screen displays.

There is an article on MSN TechNet which seems to address the problem caused by installing the latest IE6 cumulative security update:
http://support.microsoft.com/default.aspx?kbid=831167

On this page, there are instructions to download and install a fix, plus instructions to modify the program registry...probably not something your customers would do and not something we recommend.

Also, read the FAQ found at this link -
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-004.asp
and you might also be further led to believe, as are we, that the intermittent problems posting to an SSL url is indeed the result of the latest IE6 security update.

In our tests where uShop was set up to NOT reference any secure (SSL) URLs....the errors were not reproducible at all, further reinforcing our belief that the Microsoft TechNet article link above describes the same intermittent problem posting to secure URLs (the https references in the ushop script) that our customers are now reporting.

We also inserted some debug into the login screen such that when it popped up unexpectedly during the order process, we could see exactly which command was POSTed to the ushop script...and we found the command to be blank when the error was experienced - which is what we suspected as well. When uShop receives a command POST that it doesnt understand (i.e. a blank command), it always throws up the log in screen.

Most customers who experience the error will probably move on to another site and not bother to report the error to you, but understand that this is NOT a uShop-only error - this error will __intermittently__ occur for other websites posting forms to SSL URLs, not just uShop sites.

The TechNet article mentions that -
Programs that use Wininet functions to post data (such as a user name or a password) to a Web server retry the POST request with a blank header if the Web server closes (or resets) the initial connection request
...there might be a setting on your web server regarding the time before it closes a connection request - something that could be lengthened? You might inquire about this with your web host.

Other thoughts:

If your uShop is set up to use a secure payment gateway, you could temporarily change the uShop scripts configuration to not reference a secure server (change in the ushop.pl and change the script_url param in any orderbutton applet that is used), as the payment gateway would handle the secure info/handling.

You could also temporarily put a message at the entrance of your store warning not to use IE6, or to recommend an earlier version of the browser...or even Netscape...as Microsoft will at some point release another security update to fix the problem they created.
E-MAIL AUTHOR | TABLE OF CONTENTS

Table Of Contents
No replies have been posted.

© 2003 Microburst Technologies, Inc.