Please fix your badly coded AJAX handler

MaxiTrading    10

We can't operate our store - we can't change sales statuses or send messages - all because BidorBuy's poorly coded AJAX handler thinks we're logged out. Specifically, calls are made to http://www.bidorbuy.co.za/jsp/seller/sales/UpdateSellersOrderStatusAJAXHandler.jsp (with whatever GET vars are part of the request) and not over https, which causes the browser to fail to include the JSESSIONID/bobeprod/loginId cookie in the HTTP request. Thus, the AJAX handler believes it to be an unauthorised request, and returns a "LoginException:#:NOT_LOGGED_IN:#:1000:#:You are not logged in. Please login now".

 

Honestly, whoever pushed crappy code like this into production needs a disciplinary hearing. Breaking core functionality is unacceptable on a live site - do you not have test cases for precisely this sort of thing? Shocking, absolutely shocking.

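The failure described in the opening post, as an added example that is not part of the original thread or of BidorBuy's code: it models which cookies a browser attaches when a page loaded over HTTPS calls the handler over http://, and shows that a root-relative handler URL keeps the page's scheme. It assumes the session cookies carry the Secure attribute (the thread does not confirm this); the cookie jar and the sales page URL are constructed placeholders.

```javascript
// Constructed cookie jar: names are from the post; the Secure flag is an
// assumption about how the HTTPS login response set them.
const jar = ["JSESSIONID", "bobeprod", "loginId"].map((name) => ({
  name, domain: "www.bidorbuy.co.za", path: "/", secure: true,
}));

// Simplified cookie selection after RFC 6265 section 5.4:
// domain match, path match and the Secure check only.
function cookiesSent(jar, requestUrl) {
  const u = new URL(requestUrl);
  const domainOk = (c) =>
    u.hostname === c.domain || u.hostname.endsWith("." + c.domain);
  const pathOk = (c) =>
    u.pathname === c.path ||
    (u.pathname.startsWith(c.path) &&
      (c.path.endsWith("/") || u.pathname[c.path.length] === "/"));
  return jar
    .filter((c) => domainOk(c) && pathOk(c) && (!c.secure || u.protocol === "https:"))
    .map((c) => c.name);
}

// What happens to one AJAX call issued from a given page.
function diagnose(pageUrl, ajaxUrl, jar) {
  const page = new URL(pageUrl);
  const target = new URL(ajaxUrl, pageUrl); // relative URLs inherit the page scheme
  return {
    url: target.href,
    sameOrigin: page.origin === target.origin, // the scheme is part of the origin
    schemeDowngrade: page.protocol === "https:" && target.protocol === "http:",
    cookies: cookiesSent(jar, target.href),
  };
}

const HANDLER = "/jsp/seller/sales/UpdateSellersOrderStatusAJAXHandler.jsp";
// Placeholder for the HTTPS sales page that the login redirect lands on.
const PAGE = "https://www.bidorbuy.co.za/sales-page-placeholder";

// Hard-coded absolute http:// URL, as reported in the post.
const broken = diagnose(PAGE, "http://www.bidorbuy.co.za" + HANDLER, jar);
// Root-relative URL: the request follows whatever scheme the page was served on.
const fixed = diagnose(PAGE, HANDLER, jar);

console.log(broken, fixed);
```

With the absolute http:// URL the request is cross-origin and carries no session cookie, which matches the NOT_LOGGED_IN response quoted in the post; the root-relative form sends all three cookies.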
xdeanh    10

Hi There

Tried it out on all my browser setups and I don't see where your issue is coming from. Even if I click on that link now it doesn't give me a login error as I am currently logged in.

Can you please tell me the browser and maybe a screen just to see what it's looking like on your end?

Thanks

EDIT:

Oh, and please tell me why you want the sales page over HTTPS? We do not serve it that way and will break if done so.

Edited by xdeanh

RISadler    10
> Oh, and please tell me why you want the sales page over HTTPS?

Well, it's kind of obvious ...

> We do not serve it that way and will break if done so.

Obvious why, as well ...

MacMuffin    0

Hi there,

The sales pages and most backend pages do not serve sensitive content and as such are not being transmitted over HTTPS.

We generally do not serve pages via HTTPS where we need to display images (for performance reasons we do not serve our thumbnails and images over HTTPS) and the sales page is one of those. You would have noticed many insecure content warnings as well as our EV-cert not being properly displayed when calling the sales page via HTTPS in the first place.

I think if the OP had decided to be more specific (as in "Why can't I view my sales information via SSL?") it would have been easier to understand what the concern was about (especially since the "security sentiments" got subsequently voiced on social media).

Unlike many other companies in the eCommerce space we believe that we are quite responsive in addressing issues and enjoy constructive customer feedback and suggestions and act on those where it will add value to the user community.

RISadler    10
> Unlike many other companies in the eCommerce space we believe that we are quite responsive in addressing issues and enjoy constructive customer feedback and suggestions and act on those where it will add value to the user community.

I wrote a response ... then deleted it ...

MacMuffin    0
> I wrote a response ... then deleted it ...

That's a pity - your responses are always interesting....

RISadler    10

As well ... your turn.

MacMuffin    0

Replied in that other thread. You need to rush, the gnome is back next week ;-) (Otherwise have a good break over Easter)

MaxiTrading    10
> Hi there,
>
> The sales pages and most backend pages do not serve sensitive content and as such are not being transmitted over HTTPS.
>
> We generally do not serve pages via HTTPS where we need to display images (for performance reasons we do not serve our thumbnails and images over HTTPS) and the sales page is one of those. You would have noticed many insecure content warnings as well as our EV-cert not being properly displayed when calling the sales page via HTTPS in the first place.
>
> I think if the OP had decided to be more specific (as in "Why can't I view my sales information via SSL?") it would have been easier to understand what the concern was about (especially since the "security sentiments" got subsequently voiced on social media).
>
> Unlike many other companies in the eCommerce space we believe that we are quite responsive in addressing issues and enjoy constructive customer feedback and suggestions and act on those where it will add value to the user community.

You know what's bad? Being technically incompetent like you are. You know what's worse? Aggravating somebody who knows what they're talking about when you're technically incompetent. Oh - that and lying on the forums. Tsk tsk, liar.

 

[Attached screenshot: ScreenShot2013-03-28at4_34_59PM.jpg]

(grown-up version not resized by forum here)

 

The reason I'm on an HTTPS version of the sales page is because YOUR LOGIN PAGE SENT ME THERE (notice the Location: redirect in the HTTP header response after a successful login) -

 

[Attached screenshot: ScreenShot2013-03-28at4_41_16PM.jpg]

(grown-up version not resized by forum here)

 

I'm NOT making an HTTP GET or POST to that AJAX handler independently of the sales page, I'm finding your problem for you because clearly you're incapable of figuring it out yourselves.

 

Edit: also, before I get accused of accessing the site over HTTPS and thus creating this scenario (which in itself is retarded - pages should either definitely be secure or insecure or both; if a page is incapable of being served over both HTTP and HTTPS then it should 301 redirect to the correct version) - you can clearly see even when I repeat the experiment that I access the HTTP version in my initial request, and that I clicked on the Sales link in the menu that took me to the non-HTTPS version of the sales page. The redirect to the HTTPS version happens exclusively because the response to the login POST contains a Location: in the header that redirects the browser to the HTTPS sales page which doesn't work.

 

Next time: don't be a douchebag.

Edited by MaxiTrading

MaxiTrading    10
> EDIT:
>
> Oh, and please tell me why you want the sales page over HTTPS? We do not serve it that way and will break if done so.

 

*beep*

 

Wrong. See above.

RISadler    10
> ... have a good break over Easter.

One, I'm self-employed ... so no breaks/holidays/vacations ... ever. Two, the place is packed with bloomin' Vaalpense & Blikore, so "good" is impossible.

Little Miss Muffet    20

MaxiTrading. I do not have the foggiest idea what you are talking about because I am not "Programme" literate

Therefore I cannot comment but I just cannot keep quiet about your attitude.

Why don't you make a friendly suggestion under the "Feedback" thread to Bob

You have been downright rude to MacMuffin. Is that necessary???

:colbert: CAPITALS SPELL SHOUTING!!!!!!!!!!!!!!!!!!!!!

MaxiTrading    10
> MaxiTrading. I do not have the foggiest idea what you are talking about because I am not "Programme" literate
>
> Therefore I cannot comment but I just cannot keep quiet about your attitude.
>
> Why don't you make a friendly suggestion under the "Feedback" thread to Bob
>
> You have been downright rude to MacMuffin. Is that necessary???
>
> CAPITOLS SPELL SHOUTING!!!!!!!!!!!!!!!!!!!!!

A capitol is a building where legislature meets (eg. the building in Washington DC where congress meets is called the Capitol Building). Capitals, on the other hand, are uppercase letters :)

 

geewhizz, the reason I have had to raise my voice is not only because MacMuffin is wrong, but because the heavy-handed implication is that my concern is not a bug in the site (which it is) but rather that I have some security concerns and care about someone sniffing the phone numbers, email address, names, and addresses of a bunch of people that have purchased from me. Whilst I am shocked that they think exposing that data to all and sundry is just fine (and trust me - on public wifi and if you're accessing it at work there are dead simple ARP poisoning attacks that will let you have it), that is not what my issue was about. I'm angry because they're deflecting as a way of discounting the possibility of shoddy programming and testing, instead of acknowledging the possibility of a mistake. The knee-jerk "well it works on this side" attitude and the immediate assumption that I'm forcibly using HTTPS for the page is...disappointing.

RISadler    10

MaxiTrading ... It's not about who's right and who's wrong - although you'll always be wrong and they'll always be right. I've been there, done that, and got the infractions to prove it. My attitude these days is that it's their site, their business, and their liability. Heck, I haven't been able to access my seller/buyer page for two days now ... am basically now losing a R5500 sale ... and missed some great items on the CWR1 auctions yesterday ... all because of their ... er ... programming methodology. Who cares? [insert deranged laugh here.]

Little Miss Muffet    20

This is a public forum. Sort out your problem amicably in private.

Now was that "Capitol" a slip of my 63 year old mind or a slip of the finger??

Looks like the former --The "A" is too far removed from the "O"

RISadler    10
> Sort out your problem amicably in private.

How? Where? With whom?

Little Miss Muffet    20

I was not referring to you Sadler "Aver ond aut" Oops!! Over and out :wacko:

RISadler    10

OK, me go sit quietly in corner ...

MaxiTrading    10
> MaxiTrading ... It's not about who's right and who's wrong - although you'll always be wrong and they'll always be right. I've been there, done that, and got the infractions to prove it. My attitude these days is that it's their site, their business, and their liability. Heck, I haven't been able to access my seller/buyer page for two days now ... am basically now losing a R5500 sale ... and missed some great items on the CWR1 auctions yesterday ... all because of their ... er ... programming methodology. Who cares? [insert deranged laugh here.]

I like your response very much, and I agree with you - it is their site and their business, but we are the ones that pay their salary. Therefore, they are beholden to us, and they have an ethical responsibility (that makes plenty of business sense) to ensure that their system works. In fact, it makes good business sense for them to molly-coddle us, the sellers that make them money. I have found all too often that they are protective over buyers, when it is not buyers that pay their fees. Their ivory tower complex as evidenced in this thread shows just where their priorities lie.

MaxiTrading    10
> I was not referring to you Sadler "Aver ond aut" Oops!! Over and out :wacko:

I think your 63 year old brain missed RISadler's point. I'll reiterate it: sort it out privately with whom and how? I could talk to Cuan directly (I have his contact details and have dealt with him before) but this seems a trivial matter to phone him about, and it's not really his problem to sort the broken website out. More importantly - Bidorbuy told me on Twitter to use the forum. I'm acting on their instructions. Had they told me to contact them privately they would have told me to do so.

 

This is the part where you put your tail between your legs and go mind your own business.

Jongleur    10
> I like your response very much, and I agree with you - it is their site and their business, but we are the ones that pay their salary. Therefore, they are beholden to us, and they have an ethical responsibility (that makes plenty of business sense) to ensure that their system works. In fact, it makes good business sense for them to molly-coddle us, the sellers that make them money. I have found all too often that they are protective over buyers, when it is not buyers that pay their fees. Their ivory tower complex as evidenced in this thread shows just where their priorities lie.

When you say we pay their salaries perhaps you should define we. I, for one, cannot support your viewpoints and statements concerning this site. Business is not about being beholden to anyone. This site works for me. The intended purpose of this site is exactly what it delivers. This site offers the individual preference unique to every buyer and seller.

MaxiTrading    10
> When you say we pay their salaries perhaps you should define we. I, for one, cannot support your viewpoints and statements concerning this site. Business is not about being beholden to anyone. This site works for me. The intended purpose of this site is exactly what it delivers. This site offers the individual preference unique to every buyer and seller.

We = sellers on Bidorbuy. I'm not sure what business you know that is beholden to nobody. Every successful business, small and large, is beholden to both the shareholders and its clients. Fin. But this conversation has gone off track long enough - unless you have a point to raise around how the login servlet really should forward to the original referrer without modifying the connection type, please refrain from commenting. Y'all are welcome to start a new forum post about how much you disagree with me and my "attitude".

Little Miss Muffet    20

I am minding my own business. Bidorbuy is the business of every user on Bob.

Staff, sellers and buyers are a team.

Neither can do without the other.

My first paragraph was already thought up yesterday because I had a feeling you were going to tell me to "Mind my own Business" which, as I said, I am doing.

Did Bidorbuy tell you to use the forum and be rude???

The next thing Cuan or admin will be here telling us to all "Shut up" and sort out our differences in private. G*d forbid :rolleyes:

Edited by geewhizz
