eCommerce & search engines incompatibility problem

Discussion in 'ASP .Net' started by =?Utf-8?B?R3JpZmY=?=, Nov 9, 2006.

  1. Hi

    We have an eCommerce site that was designed as a BusinessToBusiness system.
    When anyone accesses a page, the site checks to see whether they have a
    current session (i.e. already authenticated) and if not it redirects them to
    the log-on page.

    Recently, we added some BusinessToConsumer functionality. The same
    authentication process described above applies, but when the unknown user
    gets redirected to the logon page they see a button that allows them to log
    on as the "anonymous user".

    We have a corporate web site with a link on it to the eCommerce site's logon
    page. This link contains a parameter which effectively mimics the clicking
    of the "log on anonymously" button - the end result is that the user gets
    logged on transparently, they never see the actual logon page.

    Search engines have obviously followed this link from our corporate web site
    and gained access into our eCommerce site. All the products can be found on
    the search engines sites - which is good for the business2consumer side of
    things. However, when one follows the link to a product from the search
    engine site, one gets re-directed to the logon page because the
    search-engine's session identifier is no longer valid (the session expired).

    Ideally, I want people to find our products on the search engine's site and
    go seamlessly to the product's details page, but need suggestions on how best
    to achieve this.

    I guess that if the user is not recognised, I could look at the forwarding
    URL (Request.ServerVariables("HTTP_REFERER")) and if it's a known search
    engine's site then try to automatically log them on....

    Do you think that this a viable way forward, or is there a better way?
    Ideally, I don't want to have to redesign the whole security model....

    Thanks in advance

    Griff
     
    =?Utf-8?B?R3JpZmY=?=, Nov 9, 2006
    #1
    1. Advertising

  2. =?Utf-8?B?R3JpZmY=?=

    Larry Bud Guest

    > Search engines have obviously followed this link from our corporate web site
    > and gained access into our eCommerce site. All the products can be found on
    > the search engines sites - which is good for the business2consumer side of
    > things. However, when one follows the link to a product from the search
    > engine site, one gets re-directed to the logon page because the
    > search-engine's session identifier is no longer valid (the session expired).


    Why not just have the system assume that if a user goes to one of the
    products, they are logged on anonymously?

    Why even have a login that is anonymous in the first place?
     
    Larry Bud, Nov 9, 2006
    #2
    1. Advertising

  3. "Griff" <> wrote in message
    news:...

    <snip>
    > Recently, we added some BusinessToConsumer functionality. The same
    > authentication process described above applies, but when the unknown user
    > gets redirected to the logon page they see a button that allows them to
    > log
    > on as the "anonymous user".


    <snip>


    How 'bout something like this on each page?

    <%
    if Session("loggedin") = "yes" then
    bLoggedIn = 1
    end if
    %>

    [HTML of all data normally visible to anonymous users]

    <%
    if bLoggedIn = 1 then
    %>

    [HTML of additional data visible only to logged in users]

    <%
    else
    %>

    You are not logged in. Click <a href="login.asp">here</a> to log in.

    <%
    end if
    %>


    --
    Bob Milutinovic
    Cognicom - "Australia's Web Presence Specialists"
    http://www.cognicom.net.au/
    telephone (0417) 45-77-66
    facsimile (02) 4727-1898
    -------------------------------------------------------
    To respond by e-mail: <myname>@<mydomain> (work it out)


    > Hi
    >
    > We have an eCommerce site that was designed as a BusinessToBusiness
    > system.
    > When anyone accesses a page, the site checks to see whether they have a
    > current session (i.e. already authenticated) and if not it redirects them
    > to
    > the log-on page.
    >
    >
    > We have a corporate web site with a link on it to the eCommerce site's
    > logon
    > page. This link contains a parameter which effectively mimics the
    > clicking
    > of the "log on anonymously" button - the end result is that the user gets
    > logged on transparently, they never see the actual logon page.
    >
    > Search engines have obviously followed this link from our corporate web
    > site
    > and gained access into our eCommerce site. All the products can be found
    > on
    > the search engines sites - which is good for the business2consumer side of
    > things. However, when one follows the link to a product from the search
    > engine site, one gets re-directed to the logon page because the
    > search-engine's session identifier is no longer valid (the session
    > expired).
    >
    > Ideally, I want people to find our products on the search engine's site
    > and
    > go seamlessly to the product's details page, but need suggestions on how
    > best
    > to achieve this.
    >
    > I guess that if the user is not recognised, I could look at the forwarding
    > URL (Request.ServerVariables("HTTP_REFERER")) and if it's a known search
    > engine's site then try to automatically log them on....
    >
    > Do you think that this a viable way forward, or is there a better way?
    > Ideally, I don't want to have to redesign the whole security model....
    >
    > Thanks in advance
    >
    > Griff
     
    Bob Milutinovic, Nov 14, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. phl
    Replies:
    0
    Views:
    356
  2. Chris K.
    Replies:
    3
    Views:
    745
    Chris K.
    Jun 8, 2008
  3. Martjack Ecommerce
    Replies:
    0
    Views:
    552
    Martjack Ecommerce
    Dec 22, 2009
  4. SROSeaner

    Meta-Search the Search Engines

    SROSeaner, Sep 15, 2004, in forum: ASP General
    Replies:
    1
    Views:
    153
  5. Griff
    Replies:
    2
    Views:
    106
    Bob Milutinovic
    Nov 14, 2006
Loading...

Share This Page