By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,743 Members | 804 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,743 IT Pros & Developers. It's quick & easy.

eCommerce & search engines incompatibility problem

P: n/a
Hi

We have an eCommerce site that was designed as a BusinessToBusiness system.
When anyone accesses a page, the site checks to see whether they have a
current session (i.e. already authenticated) and if not it redirects them to
the log-on page.

Recently, we added some BusinessToConsumer functionality. The same
authentication process described above applies, but when the unknown user
gets redirected to the logon page they see a button that allows them to log
on as the "anonymous user".

We have a corporate web site with a link on it to the eCommerce site's logon
page. This link contains a parameter which effectively mimics the clicking
of the "log on anonymously" button - the end result is that the user gets
logged on transparently, they never see the actual logon page.

Search engines have obviously followed this link from our corporate web site
and gained access into our eCommerce site. All the products can be found on
the search engines sites - which is good for the business2consumer side of
things. However, when one follows the link to a product from the search
engine site, one gets re-directed to the logon page because the
search-engine's session identifier is no longer valid (the session expired).

Ideally, I want people to find our products on the search engine's site and
go seamlessly to the product's details page, but need suggestions on how best
to achieve this.

I guess that if the user is not recognised, I could look at the forwarding
URL (Request.ServerVariables("HTTP_REFERER")) and if it's a known search
engine's site then try to automatically log them on....

Do you think that this a viable way forward, or is there a better way?
Ideally, I don't want to have to redesign the whole security model....

Thanks in advance

Griff
Nov 9 '06 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Search engines have obviously followed this link from our corporate web site
and gained access into our eCommerce site. All the products can be found on
the search engines sites - which is good for the business2consumer side of
things. However, when one follows the link to a product from the search
engine site, one gets re-directed to the logon page because the
search-engine's session identifier is no longer valid (the session expired).
Why not just have the system assume that if a user goes to one of the
products, they are logged on anonymously?

Why even have a login that is anonymous in the first place?

Nov 9 '06 #2

P: n/a
"Griff" <Gr***@discussions.microsoft.comwrote in message
news:42**********************************@microsof t.com...

<snip>
Recently, we added some BusinessToConsumer functionality. The same
authentication process described above applies, but when the unknown user
gets redirected to the logon page they see a button that allows them to
log
on as the "anonymous user".
<snip>
How 'bout something like this on each page?

<%
if Session("loggedin") = "yes" then
bLoggedIn = 1
end if
%>

[HTML of all data normally visible to anonymous users]

<%
if bLoggedIn = 1 then
%>

[HTML of additional data visible only to logged in users]

<%
else
%>

You are not logged in. Click <a href="login.asp">here</ato log in.

<%
end if
%>
--
Bob Milutinovic
Cognicom - "Australia's Web Presence Specialists"
http://www.cognicom.net.au/
telephone (0417) 45-77-66
facsimile (02) 4727-1898
-------------------------------------------------------
To respond by e-mail: <myname>@<mydomain(work it out)

Hi

We have an eCommerce site that was designed as a BusinessToBusiness
system.
When anyone accesses a page, the site checks to see whether they have a
current session (i.e. already authenticated) and if not it redirects them
to
the log-on page.
We have a corporate web site with a link on it to the eCommerce site's
logon
page. This link contains a parameter which effectively mimics the
clicking
of the "log on anonymously" button - the end result is that the user gets
logged on transparently, they never see the actual logon page.

Search engines have obviously followed this link from our corporate web
site
and gained access into our eCommerce site. All the products can be found
on
the search engines sites - which is good for the business2consumer side of
things. However, when one follows the link to a product from the search
engine site, one gets re-directed to the logon page because the
search-engine's session identifier is no longer valid (the session
expired).

Ideally, I want people to find our products on the search engine's site
and
go seamlessly to the product's details page, but need suggestions on how
best
to achieve this.

I guess that if the user is not recognised, I could look at the forwarding
URL (Request.ServerVariables("HTTP_REFERER")) and if it's a known search
engine's site then try to automatically log them on....

Do you think that this a viable way forward, or is there a better way?
Ideally, I don't want to have to redesign the whole security model....

Thanks in advance

Griff

Nov 14 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.