Forum OpenACS Development: Re: Ecommerce under 5.9

Collapse
5: Re: Ecommerce under 5.9 (response to 4)
Posted by Iuri Sampaio on 11/06/16 11:38 PM
Ben,

Why does ad_proc [ec_get_user_session_id] returns "0" instead of just 0?

set user_session_id [ec_get_user_session_id]
ns_log Notice "USESSION_ID: $user_session_id"

Log file returns:
[06/Nov/2016:22:32:37][7947.abc23b70][-conn:evex:3-] Notice: USESSION_ID: "0"

There ins't anything wrong with its source.

ad_proc ec_get_user_session_id {} { Gets the user session from cookies } {
ns_log Notice "Running ad_proc ec_user_session_id"

set headers [ns_conn headers]
set cookie [ns_set get $headers Cookie]

# grab the user_session_id from the cookie
if { [regexp {user_session_id=([^;]+)} $cookie match user_session_id] } {
return $user_session_id
} else {
return 0
}
}

Best wishes

Collapse
6: Re: Ecommerce under 5.9 (response to 5)
Posted by Iuri Sampaio on 11/06/16 11:50 PM
Thanks Gustaf!

I'll keep digging and fixing ecommerce tcl scripts, using your samples, in order to get them working under oacs-5.9.

I've written a palliative using lindex to remove "".

Best wishes,

Collapse
7: Re: Ecommerce under 5.9 (response to 5)
Posted by Benjamin Brink on 11/07/16 01:14 AM
Hi Iuri,

Why does ad_proc [ec_get_user_session_id] returns "0" instead of just 0?

Looking at the code for ec_get_user_session_id, if the expression matches with:

user_session_id="0"

Then, $user_session_id will return "0" including quotes.

Changing the regular expression to something like this should remove those:

{user_session_id=[\"]?([^;\"]+)}

..but I am sure there is a better way of doing this.

oacs-5-9 has passed a bunch of security tests, so consider looking at sec_login_read_cookie and friends.

cheers,
Ben