I'm still writing my w.i.p essay here..bear with me..
Have a look at
http://uk.php.net/setcookie
Whether you know PHP or not, you'll see references low on the page to the ways different browsers analyze domain names when deciding whether to store a cookie, which in this case is the thing that enables auto logon. There is a vital parameter in the cookie called the domain path.
One prob I have fully examined tonight, is how to get auto login using a domain without the 'www.' in front. Most servers accept 'domain.com' as well as www.domain.com.
One of zencart's quirks is that if the domain gets set to 'domain.com' in the config file, all the pages in zencart have that in the url. This can happen I think when you install, if you initially access your zencart install folder without the www. in front.
But looking at the page quoted above, IE6 especially, it seems that IE6 refuses to store a cookie if there's not two dots in the domain name, if it's a dot com. So anyone without the 'www.' in front in the config file won't ever save a cookie in IE6, for auto logon?
But this isn't the end of the story, as I found out. My IE6 bookmark for my site home page has no www. in front. I proved that when this url is used, the cookie, even if saved properly previously using the contrib's login page with a full www.domain.com, is not read out by IE6 with a page url that has no www. in front, i.e. no auto logon.
'for me' IE 6.0.28 sp1, on win 2000 sp2, does not cough up the 'zencart_cookie_permlogin' cookie **previously** saved by a 'www.domain.com' page log in (ticked checkbox), if the page url in the browser address bar **now has** 'domain.com'. Coders can check that out by putting 'echo the cookie value' in php code, near the top of the index page header.
So... woe betide any zencart user that enters the site url without the www. in front, he'll have to manually log on?
I have to be away soon..so can't really go much further at present with this. But it almost seems that cookies for auto logon are a difficult challenge, whereas as far as I know, the only cookie zencart uses is 'zenid', and possibly with a 'non-www.' domain if cookies fail then the server can revert to session variables for zenid, so it doesn't matter...
So the basic problem is, if I'm correct, with certain browsers being awkward about when they will save a cookie, or cough it back up, with the non-www. url page domain base (or cookie domain). I don't see quite how to ensure auto logon works regardless.
One way would be to redirect any page without www. to the same page with www. in front?
This is not a critique, but if I'm right it needs some mods..
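
The redirect suggested in the post, sketched in PHP as an added example (it is not part of the original post and is not Zen Cart's or the contribution's code). `CANONICAL_HOST`, `canonical_redirect_target()` and the token value are hypothetical; the cookie name is the one quoted in the post.

```php
<?php
// Added example. CANONICAL_HOST and canonical_redirect_target() are
// hypothetical names, not part of Zen Cart or the login contribution.
const CANONICAL_HOST = 'www.domain.com'; // constructed sample value

/**
 * Return the URL to redirect to when the request arrived on any host
 * name other than CANONICAL_HOST, or null when no redirect is needed.
 */
function canonical_redirect_target(string $hostHeader, string $requestUri, bool $https): ?string
{
    // Drop an optional port and normalise case before comparing.
    $host = strtolower(preg_replace('/:\d+$/', '', trim($hostHeader)));
    if ($host === CANONICAL_HOST) {
        return null;
    }
    // Accept only a path that starts with one slash and has no CR/LF.
    $isLocal = preg_match('#^/(?!/)[^\r\n]*\z#', $requestUri) === 1;
    $path = $isLocal ? $requestUri : '/';
    // The host comes from configuration, never from the client-supplied
    // Host header, so a forged header cannot choose the destination.
    return ($https ? 'https' : 'http') . '://' . CANONICAL_HOST . $path;
}

if (PHP_SAPI !== 'cli') {
    $https  = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $target = canonical_redirect_target(
        $_SERVER['HTTP_HOST'] ?? '',
        $_SERVER['REQUEST_URI'] ?? '/',
        $https
    );
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;
    }
    // From here on every page is served from CANONICAL_HOST, so the
    // auto-logon cookie is always set and read under the same host name.
    // An empty domain argument keeps it host-only rather than widening it
    // to every subdomain; the last argument sets HttpOnly.
    // Constructed stand-in: the real code would set the cookie only after
    // a ticked-checkbox login, with its own token value.
    $token = bin2hex(random_bytes(32));
    setcookie('zencart_cookie_permlogin', $token, time() + 30 * 86400, '/', '', $https, true);
}
```

The redirect has to run before any output is sent, otherwise `header()` and `setcookie()` can no longer modify the response.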