Here is what Trustwave is asking me to confirm with regard to my dispute: "Can your organization confirm that "ectcartcookie" is not a session cookie but rather a tracking cookie that has nothing to do with authentication to this system?" Vince stated above that this is in fact a session cookie so chances are they won't approve it.

This is what I stated in my dispute: "No sensitive or cardholder data is held using the session cookie" per my software developer."

Is it in fact a session cookie, and can it be stated that it has nothing to do with authentication? They either ignored "sensitive or cardholder data" or don't consider that a satisfactory response.

Steve

The ectcartcookie is just a tracking cookie and is just used to track the cart items that customers put in their shopping basket.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

For what it's worth I threw together an ASP test site using the latest version 7.1.3 (build: 7.1.3.003) and it sets the ectcartcookie securely exactly as expected, so it all looks to be correct on the ECT side. If you get something different then either you don't have the correct/latest vsadmin/inc/incfunctions.asp file up there, you have a hosting problem or Trustwave are just plain wrong in their assessment (this is not uncommon). So while they might grant you an exception for this, you don't actually need it.

Peter


Professional ecommerce web hosting services
Shared hosting Windows & Linux | Dedicated servers | Domains | SSL
Ecommerce Templates specialists since 2003
https://servelink.com

Trustwave approved the dispute, they appear to have gone onto the site and processed a null order to check it. My problem now is my cart.asp page is broken, it is not possible to "buy now" any products and clicking "Cart" produces a 500 - internal server error.

I don't know if the v7.1.3 update has a new version of cart.asp, apparently not. Please advise what could have caused this to break.

Thank you,
Steve

Hi, you should get the actual error. That "500 error" is a generic error.
You could check your site logs, ask your host, or turn off friendly error messages, but that error will reveal the issue.

The problem related to what I had posted on p. 1 of this thread: "Instructions for custompayproc are incomplete and conflict with prior instructions. I have deleted old versions from vsadmin/inc folder, which then makes it match the updater in number of files and total size."

The fact that these two files were missing was the cause of the problem - I don't have my own payment processor therefore didn't update them at any time, but deleted them when I was trying to troubleshoot the PCI scan failure problem so I could compare file and directory sizes. Instructions are included in the readme file in that directory as follows:
"The 2 files contained in this folder are to help those who wish to implement their own payment processor. They need to be copied to your vsadmin/inc directory BUT ONLY IF they are not already present in that directory. If you already have these files in your vsadmin/inc directory then do not overwrite them."

The copy above indicates that they may not be present, but as I found out the hard way, they are needed so this should be made clear.

Topic is not mentioned here https://www.ecommercetemplates.com/updater_info.asp. I did a search for custompayproc in the 7.0 user manual and did not get any results, though I do see the topic discussed on p. 43.

Steve

Hi, the software does look for those file, in case they are needed.
I sounds like your 500 error was simply a file not found error.
The db_conn_open, includes, and those two files are not part of the updater.
You can also create a custom css file for the admin.
In the end, you should never "wipe out" the vsadmin when installing an update, but rather use the update instructions and overwrite any files in the update package.

It sounds like you are all set now, and being that your know more about the update installation process, it sounds like you have it all set going forward.

Just one more quick comment - I did not wipe out anything, just deleted the two files in question since I was troubleshooting based on suggestions that the updater did not complete fully. The two files in question are not included in the vsadmin\inc folder on the updater, so deleting them allowed me to compare the two directories, with particular attention to incfunctions.asp as had been suggested. I stick by my suggestions.
Steve

Happened again - seems to be an issue needing to be dealt with every three months. I'm running v7.1.7 and see v7.1.8 is out, any chance this update addressed this issue? UPDATE - I'm talking about the Trustwave scan failure relating to "ectcartcookie," not the secondary issue.

Thank you,
Steve

Hi Steve
If you have to make a declaration such as, "The ectcartcookie is just a tracking cookie and is just used to track the cart items that customers put in their shopping basket." then that will need to be done every time you make a new scan. Is that what you mean? There isn't really much you can do about this.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater