kpu8
asked on
Image doesn't appear when using SSL in CGI
I just set up an SSL certificate on my site which works great - however in my cgi code where I currently in a table call an image like this:
$table .= " <TD>@fields[0]</TD>\n"; #item
$table .= " <TD><IMG SRC=\"../../images/Inv/@fi elds[1].gi f\"><BR><F ONT SIZE=-1>@fields[1]</FONT>< /TD>\n"; #design
$table .= " <TD>@fields[2]</TD>\n"; #description
$table .= " <TD>@fields[3]</TD>\n"; #quantity
$table .= " <TD>\$@fields[4]</TD>\n"; #price
$table .= " <TD>\$$itemtotal</TD>\n";
The image now doesn't appear - what is the trick over SSL so that it appears - when I changed it to the following it still didn't appear:
$table .= " <TD>@fields[0]</TD>\n"; #item
$table .= " <TD><IMG SRC=\"https://mysite.com/images/Inv/@fields[1].gif\"><BR><FONT SIZE=-1>@fields[1]</FONT>< /TD>\n"; #design
$table .= " <TD>@fields[2]</TD>\n"; #description
$table .= " <TD>@fields[3]</TD>\n"; #quantity
$table .= " <TD>\$@fields[4]</TD>\n"; #price
$table .= " <TD>\$$itemtotal</TD>\n";
What's odd it that images on the page which get called via standard html all appear - it's just my dynamic image which doesn't appear!
$table .= " <TD>@fields[0]</TD>\n"; #item
$table .= " <TD><IMG SRC=\"../../images/Inv/@fi
$table .= " <TD>@fields[2]</TD>\n"; #description
$table .= " <TD>@fields[3]</TD>\n"; #quantity
$table .= " <TD>\$@fields[4]</TD>\n"; #price
$table .= " <TD>\$$itemtotal</TD>\n";
The image now doesn't appear - what is the trick over SSL so that it appears - when I changed it to the following it still didn't appear:
$table .= " <TD>@fields[0]</TD>\n"; #item
$table .= " <TD><IMG SRC=\"https://mysite.com/images/Inv/@fields[1].gif\"><BR><FONT SIZE=-1>@fields[1]</FONT><
$table .= " <TD>@fields[2]</TD>\n"; #description
$table .= " <TD>@fields[3]</TD>\n"; #quantity
$table .= " <TD>\$@fields[4]</TD>\n"; #price
$table .= " <TD>\$$itemtotal</TD>\n";
What's odd it that images on the page which get called via standard html all appear - it's just my dynamic image which doesn't appear!
in what way exactly does it not appear? isn't it in the resulting html? or is the image not found? if so, what are the headers for that image?
ASKER
The html is never rendered now that the page is under SSL.
When you say headers that's a good point - I've never used them on that page - however I assume you meaning something like:
print "Content-type: text/html\n\n";
or is their a specifc header I need to use for an image?
When you say headers that's a good point - I've never used them on that page - however I assume you meaning something like:
print "Content-type: text/html\n\n";
or is their a specifc header I need to use for an image?
kpu8,
> The html is never rendered now that the page is under SSL.
so what _do_ you get? and what does the error log say?
> The html is never rendered now that the page is under SSL.
so what _do_ you get? and what does the error log say?
@fields[1] should be written as $fields[1]
So, I assume you just get a blank page then?
Do you control the web server configuration? If so, have you setup CGI access for the SSL configuration?
correct errors as Tintin suggested,
then post HTML you see in your browser with "view source"
then post HTML you see in your browser with "view source"
ASKER
OK - I see what is going on - the data that isn't displaying is being read via a cookie!
Therefore how does one read cookie data using SSL:
The code which set's the cookie looks like:
# Write the cookie
print "Content-type: text/html\n";
print "Set-Cookie: cart=$cookieNew; path=/\n";
print "Refresh: 0; URL=http://www.mysite.com/cgi-bin/Cart/Cart.cgi\n\n";
print "<BR>";
Therefore - I tried add the word secure after the path like this
print "Set-Cookie: cart=$cookieNew; path=/; secure\n";
But then the non SSL page didn't read the data nor did the SSL page!
Thanks
Sorry about the delay in this one - this is a case where I didn't write the original CGI/Perl code so it's been a project as I have time!
Therefore how does one read cookie data using SSL:
The code which set's the cookie looks like:
# Write the cookie
print "Content-type: text/html\n";
print "Set-Cookie: cart=$cookieNew; path=/\n";
print "Refresh: 0; URL=http://www.mysite.com/cgi-bin/Cart/Cart.cgi\n\n";
print "<BR>";
Therefore - I tried add the word secure after the path like this
print "Set-Cookie: cart=$cookieNew; path=/; secure\n";
But then the non SSL page didn't read the data nor did the SSL page!
Thanks
Sorry about the delay in this one - this is a case where I didn't write the original CGI/Perl code so it's been a project as I have time!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
What happens is the cookie get's set once a user chooses an item then brings them back (thus the refresh) to the shopping cart so they can buy more items as well as see what's they've already bought.
The table that get's created is read from a cookie - however it appears I must have to set it differently when the cookie get's read over SSL as the data from the cookie is read fine over http: but over https: it isn't read.
Therefore what is the secret with reading cookies over http with Perl?
The table that get's created is read from a cookie - however it appears I must have to set it differently when the cookie get's read over SSL as the data from the cookie is read fine over http: but over https: it isn't read.
Therefore what is the secret with reading cookies over http with Perl?
if a cookie has set the secure flag a browser should never transmit it over http
some browser are buggy, as usual, and IE supports a HTTPSonly flag too (heaven knows why)-:
And again read http:#13943075
If you plan to make a shopping site, hope you know how many hacks are out in the wild to tamper cookie-based sessions ;-)
some browser are buggy, as usual, and IE supports a HTTPSonly flag too (heaven knows why)-:
And again read http:#13943075
If you plan to make a shopping site, hope you know how many hacks are out in the wild to tamper cookie-based sessions ;-)
ASKER
Ok then if a cookie has set the secure flag a browser should never transmit it over http
then if I move the SSL back one page that should work?
See - I set the SSL when the user was to enter their credit card information
so on that page what happens is the table that get's generated read the cookie and fills in what the user ordered. However, I wonder if I take the user into SSL one page sooner if the cookie data will then be read and written?
This is code that has been in place since 1995 it's part of a cgi shopping cart suite that was open source - I didn't write any of the original code. The problems I've been having are since we've decided to utilize SSL.
then if I move the SSL back one page that should work?
See - I set the SSL when the user was to enter their credit card information
so on that page what happens is the table that get's generated read the cookie and fills in what the user ordered. However, I wonder if I take the user into SSL one page sooner if the cookie data will then be read and written?
This is code that has been in place since 1995 it's part of a cgi shopping cart suite that was open source - I didn't write any of the original code. The problems I've been having are since we've decided to utilize SSL.
are all pages https?
at least two valid suggestions: http:#13820917 and http:#13943075
ASKER
I still haven't resolved this 100% that's why I left it open - but it appears since I was setting a cookie via one domain - then using a https certificate which was set up like https://www.myisp.com:8008 the cookie couldn't be read seeing I was changing domains