Announcement

Collapse
No announcement yet.

Firewalls and Cookies preventing orders

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Firewalls and Cookies preventing orders

    A customer phoned to tell me they could not place an order on our site. Adding a second item to the basket overwrote the first one and View Basket than said "your basket is empty" and they could not checkout a single item order either.

    I think this is caused by not having cookies allowed. Normally, the customer would get an error message displayed by Actinic saying that cookies need to be allowed and we have customised the error page to give instructions on how to allow them in various browsers.

    This was NOT the problem with this customer, he was getting no error messages and had Windows 2000 / IE6 configured same as my browser which works fine and he was able to place orders on other people's web sites.

    After further testing it seems the problem was cause by his firewall software ZoneAlarm and he had to change the default settings to allow third party cookies. It then worked OK. (luckily, he got an error message on another web site that prompted him to check the firewall settings).

    Actinic 7 does not seem to pick up that the firewall software is not allowing cookies (as compared with the Browser not allowing cookies) and does not give an error message (but it CAN be done as the other site he used did give him a message). How many orders are we (and other Actinic users - you?) losing because of this?

    Anyone got any ideas on this?

    Keith Milsom
    www.anythingleft-handed.co.uk
    Keith Milsom
    www.anythingleft-handed.co.uk
    Left handed products and information

    #2
    there is ocasionally a problem with firewalls, but the last one I was aware of was with Norton and was fixed in 6.1.5.

    I'm not sure why ZoneAlarm decided your cookie was from a 3rd party and decided to block it. I assume you have a straightforward actinic installation on a single domain? i.e. no other domains or subdomains being used?

    Mike
    -----------------------------------------

    First Tackle - Fly Fishing and Game Angling

    -----------------------------------------

    Comment


      #3
      Thanks for your time Mike. We do have a standard installation on a single domain. Also, I have uploaded the Actinic example site "out of the box" and got the same person to try to place an order on that and he had exactly the same problem there.

      This afternoon I have had another customer phone to say that he could not checkout his order as his basket kept emptying - I did not get to speak to him myself but I guess it is the same problem. I wonder how many more people want to place orders on our site but cannot and do not get any warning or error message to tell them why?

      I do know from our stats that about 35% of unique visitors who start a basket never make it to the first checkout page. Anyone else got any stats on this they don't mind sharing?

      I have reported this problem to Actinic support and they are looking at it as well, but no answers yet. This seems pretty important to me as I am sure it is costing us lost orders.
      Keith Milsom
      www.anythingleft-handed.co.uk
      Left handed products and information

      Comment


        #4
        I had a similar problem, it was caused by customers starting on www.blushingbuyer.com and then moving to www.blushingbuyer.co.uk partway through placing the order. I see from your site that you have anythinglefthanded.co.uk and anythingleft-handed.co.uk. It could be this that may be causing the problem. I'm trying to remember how I solved it, I think I hard coded all the url's that go to any cgi script to go to http://www.blushingbuyer.co.uk rather than ../ This seemed to solve the problem. (We did loose a few customers but it wasn't many)
        Blushingbuyer, banishing blushes since 2000.
        http://www.blushingbuyer.co.uk

        Comment


          #5
          Keith,

          Just tried to order from the site with standard medium Zone Alarm settings and whilst it lets you add to the cart when you proceed to checkout it says the basket is empty (as explained). However, our site works with no problems so it could be an issue with your site as opposed to Zone Alarm!

          Hope you get it fixed.

          Dave
          Cheers

          David
          Located in Edinburgh UK

          http://twitter.com/mcfinster

          Comment


            #6
            Sorry, after looking at you site in more detail, this won't help, you just use a frame to redirect from lefthanded to left-handed whereas we are using domain mapping in apache, so ignore me.
            Blushingbuyer, banishing blushes since 2000.
            http://www.blushingbuyer.co.uk

            Comment


              #7
              Additionally if I add both anythinglefthanded.co.uk and anythingleft-handed.co.uk to my site list in Zone Alarm shopping will only work if you allow 3rd Party cookies on anythingleft-handed.co.uk not if you reverse it and allow them on anythinglefthanded.co.uk but block on the other. Could it be your baseref appears different from your actual URL?

              Dave
              Cheers

              David
              Located in Edinburgh UK

              http://twitter.com/mcfinster

              Comment


                #8
                Thank you both for your contributions.

                I think the anythinglefthanded.co.uk domain is a red herring - it is not used on our shop site in any way, we just have a redirect from it in case anyone mistypes our name.

                Dave, I see you managed to replicate the problem with ZoneAlarm, but you do not have it on your own site. I have got a test site on another of our domains withn the same hosting company which is the completely standard Actinic example shop and my customer had the same problem with that. It is at

                http://www.left-handersday.com/test_shop/acatalog/

                If you have time, could you see if you can create a basket and checkout there with your ZoneAlarm settings. If it doesn't work there, could it be something to do with the way our host has things configured?

                I am not sure what the "baseref" issue is? Our site IS taking most orders quite hapily, so I guess it cannot be something really major that is set wrong.
                Keith Milsom
                www.anythingleft-handed.co.uk
                Left handed products and information

                Comment


                  #9
                  there are two things that I think you should take a look at:

                  1. The 'redirect' from the non-hyphenated site doesn't appear to be a redirect. It looks to me like a framing solution which could confuse the browser and any firewall about which site you're actually on (and thus whether the cookies are 3rd party or not).

                  2. When on the non-hyphenated site, my IE is blocking a cookie and reporting that the hyphenated site doesn't have a privacy policy ??? (there's no such error on the hyphenated site itself).

                  Personally, I suspect it is the multiple domains that is causing you a problem and would change the redirect to a 301 permanent redirect rather than using framing.

                  Mike
                  -----------------------------------------

                  First Tackle - Fly Fishing and Game Angling

                  -----------------------------------------

                  Comment


                    #10
                    Keith,

                    Your example shop works perfectly with standard ZoneAlarm settings (i.e 3rd party cookies blocked). Just tried again on anythingleft-handed.co.uk and it appears I can now place an order (with 3rd Party Cookies blocked). Have you changed anything or did you discover the fault?

                    Would be very interested in the outcome to this

                    Dave
                    Cheers

                    David
                    Located in Edinburgh UK

                    http://twitter.com/mcfinster

                    Comment


                      #11
                      Thanks again for the help.

                      I am not sure the no-hyphen domain redirects are the direct cause of the basket problem as the customer who identified the problem went direct to our main site and was not redirected. Also, he had exactly the same problem on the example site

                      That said, I DO think the redirect is a separate problem worth looking at. The redirect from the no-hyphen domain is set by our host for that domain uk2.net and was set to use a frame to keep the domain name in the window title bar. I have now turned that off and will see what happens. I do not currently have web space with this domain so I don't think I can do a 301 redirect.

                      The log for the no-hyphen domain seems to show some cookie errors and also quite a few 404s where it is looking for files that actually reside on our main site and I cannot see why they would be requested on the no-hyphen domain. I have captured the last 1000 lines of the log file and uploaded it to our site here in case it gives any clues as to what is happening.
                      http://www.anythingleft-handed.co.uk...direct_log.txt

                      The 404s have a referrer of
                      http://www.anythingleft-handed.co.uk...ON=COOKIEERROR
                      plus some have
                      http://www.anythingleft-handed.co.uk...CTION=SHOWCART

                      I have checked our network settings and the no-hyphen domain www.anythinglefthanded.co.uk is not mentioned anywhere. I have also searched for the string "anythinglefthanded" in Design | Text and in all files in our Site1 directory - nothing. Is it possible that an Actinic script is somehow dropping the hyphen from the domain name when dealing with cookie errors and baskets in certain situations?

                      I cannot replicate the problem of cookies being blocked in IE for the no-hyphen domain.

                      Re: Dave's comment - I am now very confused!! I have not changed anything in either the main or example shops but it now seems to work?

                      Any more ideas greatly appreciated!

                      Keith
                      Keith Milsom
                      www.anythingleft-handed.co.uk
                      Left handed products and information

                      Comment


                        #12
                        Just noticed that if you click on the COOKIEERROR link above it diaplys the page with no .css formatting or images. In the page source of the resulting page it includes the line
                        <BASE HREF="http://community.actinic.com/acatalog/"></Actinic:BASEHREF>

                        I don't understand the BASEHREF variable, but is it possible this is something to do with the problem?

                        The relevant line in our shopping cart pages template is
                        <Actinic:BASEHREF VALUE="NETQUOTEVAR:BASEHREF"/></Actinic:BASEHREF>

                        Keith
                        Keith Milsom
                        www.anythingleft-handed.co.uk
                        Left handed products and information

                        Comment

                        Working...
                        X