?
Solved

Image doesn't appear when using SSL in CGI

Posted on 2005-04-19
14
Medium Priority
?
199 Views
Last Modified: 2013-12-25
I just set up an SSL certificate on my site which works great - however in my cgi code where I currently in a table call an image like this:

 $table    .= "  <TD>@fields[0]</TD>\n";   #item
 $table    .= "  <TD><IMG SRC=\"../../images/Inv/@fields[1].gif\"><BR><FONT SIZE=-1>@fields[1]</FONT></TD>\n";   #design
 $table    .= "  <TD>@fields[2]</TD>\n";   #description
 $table    .= "  <TD>@fields[3]</TD>\n";   #quantity
 $table    .= "  <TD>\$@fields[4]</TD>\n"; #price
 $table    .= "  <TD>\$$itemtotal</TD>\n";

The image now doesn't appear - what is the trick over SSL so that it appears - when I changed it to the following it still didn't appear:

 $table    .= "  <TD>@fields[0]</TD>\n";   #item
 $table    .= "  <TD><IMG SRC=\"https://mysite.com/images/Inv/@fields[1].gif\"><BR><FONT SIZE=-1>@fields[1]</FONT></TD>\n";   #design
  $table    .= "  <TD>@fields[2]</TD>\n";   #description
  $table    .= "  <TD>@fields[3]</TD>\n";   #quantity
  $table    .= "  <TD>\$@fields[4]</TD>\n"; #price
  $table    .= "  <TD>\$$itemtotal</TD>\n";

What's odd it that images on the page which get called via standard html all appear - it's just my dynamic image which doesn't appear!
0
Comment
Question by:kpu8
  • 5
  • 5
  • 2
  • +1
13 Comments
 
LVL 18

Expert Comment

by:kandura
ID: 13820783
in what way exactly does it not appear? isn't it in the resulting html? or is the image not found? if so, what are the headers for that image?
0
 
LVL 1

Author Comment

by:kpu8
ID: 13820887
The html is never rendered now that the page is under SSL.

When you say headers that's a good point - I've never used them on that page - however I assume you meaning something like:

print "Content-type: text/html\n\n";

or is their a specifc header I need to use for an image?
0
 
LVL 18

Expert Comment

by:kandura
ID: 13820903
kpu8,
> The html is never rendered now that the page is under SSL.

so what _do_ you get? and what does the error log say?
0
Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

 
LVL 48

Expert Comment

by:Tintin
ID: 13820917

@fields[1] should be written as $fields[1]


So, I assume you just get a blank page then?

Do you control the web server configuration?  If so, have you setup CGI access for the SSL configuration?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13840729
correct errors as Tintin suggested,
then post HTML you see in your browser with "view source"
0
 
LVL 1

Author Comment

by:kpu8
ID: 13942399
OK - I see what is going on - the data that isn't displaying is being read via a cookie!

Therefore how does one read cookie data using SSL:

The code which set's the cookie looks like:

# Write the cookie
print "Content-type: text/html\n";
print "Set-Cookie: cart=$cookieNew; path=/\n";
print "Refresh: 0; URL=http://www.mysite.com/cgi-bin/Cart/Cart.cgi\n\n";
print "<BR>";

Therefore - I tried add the word secure after the path like this

print "Set-Cookie: cart=$cookieNew; path=/; secure\n";

But then the non SSL page didn't read the data nor did the SSL page!

Thanks

Sorry about the delay in this one - this is a case where I didn't write the original CGI/Perl code so it's been a project as I have time!
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 13943075
> print "Refresh: 0; URL=http://www.mysite.com/cgi-bin/Cart/Cart.cgi\n\n";
what should this be? Are you trying to write content of a meta tag as HTTP header?
probably you mean:

print "Location: http://www.mysite.com/cgi-bin/Cart/Cart.cgi\n\n";

And keep in mind that you set the cookie for the domain which returns this header, not for the Location you return!
0
 
LVL 1

Author Comment

by:kpu8
ID: 13955673
What happens is the cookie get's set once a user chooses an item then brings them back (thus the refresh) to the shopping cart so they can buy more items as well as see what's they've already bought.

The table that get's created is read from a cookie - however it appears I must have to set it differently when the cookie get's read over SSL as the data from the cookie is read fine over http: but over https: it isn't read.

Therefore what is the secret with reading cookies over http with Perl?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13959412
if a cookie has set the secure flag a browser should never transmit it over http
some browser are buggy, as usual, and IE supports a HTTPSonly flag too (heaven knows why)-:

And again read http:#13943075

If you plan to make a shopping site, hope you know how many hacks are out in the wild to tamper cookie-based sessions ;-)
0
 
LVL 1

Author Comment

by:kpu8
ID: 13968030
Ok then if a cookie has set the secure flag a browser should never transmit it over http
then if I move the SSL back one page that should work?

See - I set the SSL when the user was to enter their credit card information
so on that page what happens is the table that get's generated read the cookie and fills in what the user ordered. However, I wonder if I take the user into SSL one page sooner if the cookie data will then be read and written?

This is code that has been in place since 1995 it's part of a cgi shopping cart suite that was open source - I didn't write any of the original code. The problems I've been having are since we've decided to utilize SSL.


0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13968266
are all pages https?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 14208885
at least two valid suggestions: http:#13820917 and http:#13943075
0
 
LVL 1

Author Comment

by:kpu8
ID: 14217612
I still haven't resolved this 100% that's why I left it open - but it appears since I was setting a cookie via one domain - then using a https certificate which was set up like https://www.myisp.com:8008 the cookie couldn't be read seeing I was changing domains
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses
Course of the Month14 days, 18 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question