Image doesn't appear when using SSL in CGI

I just set up an SSL certificate on my site which works great - however in my cgi code where I currently in a table call an image like this:

 $table    .= "  <TD>@fields[0]</TD>\n";   #item
 $table    .= "  <TD><IMG SRC=\"../../images/Inv/@fields[1].gif\"><BR><FONT SIZE=-1>@fields[1]</FONT></TD>\n";   #design
 $table    .= "  <TD>@fields[2]</TD>\n";   #description
 $table    .= "  <TD>@fields[3]</TD>\n";   #quantity
 $table    .= "  <TD>\$@fields[4]</TD>\n"; #price
 $table    .= "  <TD>\$$itemtotal</TD>\n";

The image now doesn't appear - what is the trick over SSL so that it appears - when I changed it to the following it still didn't appear:

 $table    .= "  <TD>@fields[0]</TD>\n";   #item
 $table    .= "  <TD><IMG SRC=\"https://mysite.com/images/Inv/@fields[1].gif\"><BR><FONT SIZE=-1>@fields[1]</FONT></TD>\n";   #design
  $table    .= "  <TD>@fields[2]</TD>\n";   #description
  $table    .= "  <TD>@fields[3]</TD>\n";   #quantity
  $table    .= "  <TD>\$@fields[4]</TD>\n"; #price
  $table    .= "  <TD>\$$itemtotal</TD>\n";

What's odd it that images on the page which get called via standard html all appear - it's just my dynamic image which doesn't appear!
LVL 1
kpu8Asked:
Who is Participating?
 
ahoffmannConnect With a Mentor Commented:
> print "Refresh: 0; URL=http://www.mysite.com/cgi-bin/Cart/Cart.cgi\n\n";
what should this be? Are you trying to write content of a meta tag as HTTP header?
probably you mean:

print "Location: http://www.mysite.com/cgi-bin/Cart/Cart.cgi\n\n";

And keep in mind that you set the cookie for the domain which returns this header, not for the Location you return!
0
 
kanduraCommented:
in what way exactly does it not appear? isn't it in the resulting html? or is the image not found? if so, what are the headers for that image?
0
 
kpu8Author Commented:
The html is never rendered now that the page is under SSL.

When you say headers that's a good point - I've never used them on that page - however I assume you meaning something like:

print "Content-type: text/html\n\n";

or is their a specifc header I need to use for an image?
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
kanduraCommented:
kpu8,
> The html is never rendered now that the page is under SSL.

so what _do_ you get? and what does the error log say?
0
 
TintinCommented:

@fields[1] should be written as $fields[1]


So, I assume you just get a blank page then?

Do you control the web server configuration?  If so, have you setup CGI access for the SSL configuration?
0
 
ahoffmannCommented:
correct errors as Tintin suggested,
then post HTML you see in your browser with "view source"
0
 
kpu8Author Commented:
OK - I see what is going on - the data that isn't displaying is being read via a cookie!

Therefore how does one read cookie data using SSL:

The code which set's the cookie looks like:

# Write the cookie
print "Content-type: text/html\n";
print "Set-Cookie: cart=$cookieNew; path=/\n";
print "Refresh: 0; URL=http://www.mysite.com/cgi-bin/Cart/Cart.cgi\n\n";
print "<BR>";

Therefore - I tried add the word secure after the path like this

print "Set-Cookie: cart=$cookieNew; path=/; secure\n";

But then the non SSL page didn't read the data nor did the SSL page!

Thanks

Sorry about the delay in this one - this is a case where I didn't write the original CGI/Perl code so it's been a project as I have time!
0
 
kpu8Author Commented:
What happens is the cookie get's set once a user chooses an item then brings them back (thus the refresh) to the shopping cart so they can buy more items as well as see what's they've already bought.

The table that get's created is read from a cookie - however it appears I must have to set it differently when the cookie get's read over SSL as the data from the cookie is read fine over http: but over https: it isn't read.

Therefore what is the secret with reading cookies over http with Perl?
0
 
ahoffmannCommented:
if a cookie has set the secure flag a browser should never transmit it over http
some browser are buggy, as usual, and IE supports a HTTPSonly flag too (heaven knows why)-:

And again read http:#13943075

If you plan to make a shopping site, hope you know how many hacks are out in the wild to tamper cookie-based sessions ;-)
0
 
kpu8Author Commented:
Ok then if a cookie has set the secure flag a browser should never transmit it over http
then if I move the SSL back one page that should work?

See - I set the SSL when the user was to enter their credit card information
so on that page what happens is the table that get's generated read the cookie and fills in what the user ordered. However, I wonder if I take the user into SSL one page sooner if the cookie data will then be read and written?

This is code that has been in place since 1995 it's part of a cgi shopping cart suite that was open source - I didn't write any of the original code. The problems I've been having are since we've decided to utilize SSL.


0
 
ahoffmannCommented:
are all pages https?
0
 
ahoffmannCommented:
at least two valid suggestions: http:#13820917 and http:#13943075
0
 
kpu8Author Commented:
I still haven't resolved this 100% that's why I left it open - but it appears since I was setting a cookie via one domain - then using a https certificate which was set up like https://www.myisp.com:8008 the cookie couldn't be read seeing I was changing domains
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.