Kryptronic Software Support Forum

You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.

#1 05-08-2009 05:27:57

jonasaedin
Member
From: Edinburgh, UK
Registered: 02-15-2009
Posts: 70
Website

Cookie domain problem

We are having issues with logging in to the admin on our shop at http://www.contextinteriors.co.uk. After login we get a blank page only displaying 'Thank You. Your Login information has been validated' and nothing else.

A quick search on the forum indicates that this might be related to the cookie doman path. I ran the installer again and checked all was ok. Cookie domain path is set to: '.contextinteriors.co.uk'. Still not resolved after re-running the installer.

We had a DNS issue about a week ago after discovering that http://contextinteriors.co.uk (whithout the www) was still pointing to the old site. This is now set up to point to the correct server, but seems to have created this issue with the cookie domain.

Can I change the cookie domain to wwwcontextinteriors.co.uk or similar to avoid this or is there a way of debugging to find out why this is happening.

We are panicking a bit as we cant access the admin and process orders. Please help.

NB! and we cant call support as no one is picking up the phone

Last edited by jonasaedin (05-08-2009 05:28:40)

Offline

 

#2 05-08-2009 05:39:30

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Cookie domain problem

A cookie domain with the www would not be correct and the way you have it right now is correct.

Is your hosting account set up to have separate directories for secure and non-secure content?  If I hit admin.php on your site using the non-secure URL it looks different than hitting it with a secure URL which shouldn't happen.

Offline

 

#3 05-10-2009 06:51:16

jonasaedin
Member
From: Edinburgh, UK
Registered: 02-15-2009
Posts: 70
Website

Re: Cookie domain problem

Basically I have been supplied with a thawte secure site which is set up at ip 217.72.171.117. The server itself is on 217.72.171.49. I was told that should basically mirror the non-secure site.

I can see your point with the admin.php being different on the non-secure and secure, so could be a problem with the hosting company's setup.

Any ideas why it breaks at that particular place? secure pages works fine from front-end?

Going to call the hosting company tomorrow.

Offline

 

#4 05-10-2009 07:08:31

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Cookie domain problem

I don't have any ideas I'm afraid but perhaps it would shed some light on things if you posted the secure and non-secure URLs you have configured for CCP (just run the installer to the step where they're entered to get them).

As I said earlier, hitting admin.php should look identical using the secure and non-secure URLs so something is definitely amiss.

Offline

 

#5 05-10-2009 14:56:38

jonasaedin
Member
From: Edinburgh, UK
Registered: 02-15-2009
Posts: 70
Website

Re: Cookie domain problem

The URL's entered in the installer is straight forward:
non-secure: http://www.contextinteriors.co.uk/
secure: https://www.contextinteriors.co.uk/

The site has been working fine for a month. And the only addition last week was adding Google Analytics script to the front end skin.

Hopefully the hosting comapny will shed some light on this tomorrow, but if I know them right they will pass the blame on to the software.

Dave, I can PM you login for the admin if you feel like taking a further look.

Offline

 

#6 05-10-2009 15:00:42

jonasaedin
Member
From: Edinburgh, UK
Registered: 02-15-2009
Posts: 70
Website

Re: Cookie domain problem

would it be worth running the installer and chagning the secure url back to http://www.contextinteriors.co.uk/ just to see if backend is working off the non-secure site?

Offline

 

#7 05-10-2009 16:11:43

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Cookie domain problem

You could try that.  The secure link is used in the front end too during checkout and some other processes but it won't break anything to give it a try.

Offline

 

#8 05-11-2009 05:37:29

jonasaedin
Member
From: Edinburgh, UK
Registered: 02-15-2009
Posts: 70
Website

Re: Cookie domain problem

I tried changing both URLs to http://www.contextinteriors.co.uk without any change in behaviour. Still breaks at exactly same place.

Contacted the hosting company which replied:


Netcom wrote:

Hi Jonas, Further to your email below,  I have had a look on our server and am unable to find anything that would be causing the issue that you are experiencing.  I am also unable to find anything in our logs that could offer further information as to what is happening.

It would appear that the full source code is not being loaded when accessing any page on the site, however we are unable to look into this further as the source code is encrypted.  I have asked our web developer to have a look and he has suggested that there could be a php file with a space left after the closing '?>' as the closing tags are being cut off?

You mentioned that the ecommerce software was working fine until last week.  I can confirm that nothing on the server would have changed at this time, but would this have coincided with an update that was made to the ecommerce software?

If you have any further queries or problems please do not hesitate to contact me or any other member of the technical support staff.

Does that make any sense? and how can I check for the above suggested php errors? I can access database.

We are getting desperate.

Last edited by jonasaedin (05-11-2009 05:38:02)

Offline

 

#9 05-11-2009 05:43:05

jonasaedin
Member
From: Edinburgh, UK
Registered: 02-15-2009
Posts: 70
Website

Re: Cookie domain problem

just realised that all pages are breaking, frontend seems to not fully load the page either.

Offline

 

#10 05-11-2009 05:50:49

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Cookie domain problem

Nothing in CCP is encrypted so I haven't got a clue where that statement may have come from.  Take a very close look at your skin.php file for the skin you are using and compare it to one of the default supplied skins.  Without seeing the actual file it would appear, from looking at the site, as though skin.php may have been altered (without your knowledge if you didn't touch it).

Further checking in some of the other directories that are part of CCP indicates that it is likely your site has been compromised.  Suggest you change your control panel, FTP and shell (if you have it) passwords immediately and let your provider know that you believe your site has been compromised.

Offline

 

#11 05-11-2009 06:27:11

jonasaedin
Member
From: Edinburgh, UK
Registered: 02-15-2009
Posts: 70
Website

Re: Cookie domain problem

Ok I have asked for new passwords for ftp and Mysql. I have a complete backup of the files and a recent database backup, would it be best to simply reinstall CCP, and would that be straight forward?

Offline

 

#12 05-11-2009 06:51:50

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Cookie domain problem

In situations like this you want to completely delete the directories used by CCP and recreate them.  The "infections" I've seen are fairly pervasive and it would take you longer to find and fix everything than it would to simply start with a clean slate.  Chances are the database itself is just fine.  The config.php file in the CCP private directory has all of the details you need to run the installer again but you don't want to use that file in the fresh installation (grab a copy for reference then delete it when you're done).

Changing passwords is usually feasible through your providers control panel.  I'd also open an incident with them as the intrusion may have come via another account on the server if you are using a shared server.

Offline

 

#13 05-11-2009 16:26:58

jonasaedin
Member
From: Edinburgh, UK
Registered: 02-15-2009
Posts: 70
Website

Re: Cookie domain problem

Ok all working again.

Changed passwords, uploaded the latest working backup (thank god for backups), ran installler script and all back to normal although I had to weed out the PC's and SCSI hardrives that comes with the demo install - must have missed the bit where you turn that off.

Still no clue exactly why or how the site got corrupted (or hacked).

Dave, thanks for your help - good to know that someones here with good advice when it is impossible to get hold og the UK support on the phone.

Offline

 

Board footer