Forum OpenACS Q&A: Problem: SilentPost back from Ewebcart

We are using's Shopping Cart for our site... It works well, we design our store pages with forms which go to their site and they maintain the shopping cart and calculate totals based on hidden vars on our forms and connect with the cc processing company.

So they have an advanced feature called silent post in which they SecureNetShop can POST order data to a file on your server. From their settings page:

    The silent post will occur at the end of the ordering process and will be transparent to the shopper. The Silent Post URL should point to a CGI script or asp file that can accept url encoded data.
I wrote a tcl script and built a database table to stuff the vars into. Here is an excerpt:
    # securenetshop silent post return.
    set_form_variables 0
    if { ![info exists total] } {
        set total "-1" 
    if { ![info exists b_fname] } {
        set b_fname "No F name" 
    if { ![info exists b_lname] } {
        set b_lname "No L name" 
    # etc...
    set db [ns_db gethandle]
    set insert_statement  "insert into ewcart
    (b_lname,b_fname, total, pdatetime, #more....)
    values ('$b_lname', '$b_fname', '$total', sysdate(), #more...))"
    ns_db dml $db $insert_statement
    ns_db releasehandle $db
    ns_returnredirect ""

This script works both with form variables from my adp test page and if I just paste vars into the URL.

Mike at SecureShopNet can do the URL vars/ Form Vars but his test script (to simulate the silent post) does NOT work. It returns this header response info:

    HTTP/1.0 302 Found
    Connection: close
    Date: Tue, 18 Sep 2001 13:11:15 GMT
    Server: AOLserver/3.2+ad12
    Content-Length: 384
    Content-Type: text/html; charset=iso-8859-1
    Client-Date: Tue, 18 Sep 2001 12:57:40 GMT
    Client-Peer: 208....
    MIME-Version: 1.0
    Title: Redirection
    &b_lname=OConnor&b_fname=Bob")The requested URL has moved here.(/A)
    (P ALIGN=RIGHT)(SMALL)(I)AOLserver/3.2+ad12 on

My AolServer uses Jerry's Virtual Server setup to redirect from Main to the TGN instance of AOLserver.

Is is possible that the silent post isn't working because of the redirects? I also have an ns_returnredirect at the end of my code just to go somewhere so that the serverlog doesn't show an error.

Mike and I CAN post to this new table with both URL vars and FORM vars.
SecureShopNet Server Can NOT post.

IS there something I can do so I can get these VARS back from SecureShopNet?

IF I can, then I can update our database with purchase info and make the memberships TOTALLY automatic rather than make members click a link (which they sometimes don't.)

Thank you

Posted by Jonathan Ellis on
there is a note at the bottom of this thread about problems with POSTing binary data on an nssock setup, which may or may not apply to your situation.
Posted by Bob OConnor on

Thanks Jonathan,

I'm trying Robert Schlaff's (August 14th) suggestion to use direct port numbers :2001 Instead of the vhost redirect from :80.


Posted by Bob OConnor on

Well, setting the port number in the URL did NOT help....

In order to nail this down, is there a way to do
"POSTing binary data".

Currently, with or without the :2001 port number I can send URLvars and FORMvars and fill up the pg table but I get nothing from SSN with their Posted binary data.... How can I simulate sending Posted binary data to this AOLServer from a WIN98 machine or second Linux AOLserver machine.
More importantly, How can I fix this?


Posted by Jerry Asher on
If you're putting in the port number, bypassing nsvhr and nsunix and still seeing this problem, well, pardon me, but I'll first breathe a sigh of relief (I've received two other nsvhr/POST reports in the past 24 hours....)

But do make sure you are putting in the port number, as this report sounds very much like the problem I just fixed.

Regarding simulating POSTs, what I usually do is use AOLserver and the ACS itself.  The ACS contains a utility, util_httppost which can be used to POST to another webserver.  What you can do is set up AOLserver on the machine you want to test "from", connect to the nscp port, and then in that tcl shell, use util_httppost to create a POST from the test machine to your target machine.

Since you are using my AOLserver patches, you can experiment with turning DEBUG on and DEV on within your config.tcl's ns/parameters section.  This should cause most every byte sent or received from your AOLserver process to be dumped out in HEXL (HEX and ASCII) format in your server log, and that can help you catch the problem, and determine if it is AOLserver that is dropping the ball, and if so, where.

Posted by David Walker on
Since your response was a 302 redirect you may be experiencing a
redirect because of unset or different host header than expected.
This behavior is controlled by ForceHostP in your nsd.tcl file and
is used so that cookies only need to be set for a single domain name.

The /SYSTEM/ directory is by default untouched and may be a good
place to put your scripts while you're testing them.  (You'll want
to secure these so some random hacker can't post to them though)

Posted by Jerry Asher on
Hey Dave, thanks for pointing that out.  Bob, I also note that in what you posted, the location field contains "/ssnet/" while the redirection message itself contains "/ss_net/".  Could that be significant, a typo, or just misdirection?
Posted by Bob OConnor on

Ok, I redirected the ssn silent post to an old RH6.2 box with OpenACS/AOLserver from May 2000 AND it WORKS!!! Testing is a slow process because I have to wait for a successful CCard purchase. They have no test button and I don't want to charge anything myself!

SO there must be something with the multi-AOLserver3.2ad12 system. OK I did get around the
HTTP/1.0 302 Found
redirect from nsaMAIN by giving the :2001 port number to bypass it and I get the usual
HTTP/1.0 200 OK but NO data.

Jerrry, There was only a typo in the post.... Normally I make my posts with different file/directory names as a way to discourage the idle curious lurkers 😊

David, I did not find ForceHostP in my nsd.tcl file for AOLserver nor in the /parameters (Openacs).

Conclusion: AOLserver3.2ad12 doesn't like binary posts.

Could this be similar to the problem that Joshua Ginsberg identified in
but perhaps in a different proc than nsvhr.c ?


Posted by Jerry Asher on
I'm away from the code at the moment, so I can't tell you if the bug I fixed a day or so ago existed prior to the latest set of nsvhr/nsunix for aolserver 3.3.

I'm a little confused (early morning, bad memory, two kids needing breakfast).  I should think that the 302 has nothing to do with your nsvhr setup.  Also, if you're giving it the port directly, that again suggests it's not nsvhr.

Regardless, I would recommend upgrading to 3.3 and the new nsvhr for a variety of reasons.

I'll be out until about noon pacific time, but you might try using util_httppost or something to post some binary to  Name the variable test and it should spit the results back to you.  It may or may not work with binary, so if it doesn't work, the results are just inconclusive.

Posted by Jerry Asher on
Bob, when you write,
The Silent Post URL should point to a CGI script or asp file that can accept url encoded data. Example:
If their data is url encoded, then there shouldn't be ANY binary data in the post.
Posted by Bob OConnor on
Hi Jerry,

Well, Mike from SSN says that it is binary... I don't know why... AND I'd be happy to try to capture what they send if you have a script that works on the old AOLserver/OpenACS from May 2000.  That is the machine now collecting data from the SSN silent posts...