Https, cname subdomain, and FastPass cookie

  • Problem
  • Updated 2 years ago
  • Solved
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: Topics are out of date.

We have encountered the problem using auth on SSL via FastPass cookie.

When user logs in on http://www.tradingview.com/ his browser gets fastpass cookie with domain scope ".tradingview.com" and this cookie is surely visible on http://feedback.tradingview.com/ (that points via CNAME to getsatisfaction.com).

Feedback page ignores this cookie. If user opens new pop-up window with login dialog and successfully logs in, FastPass cookie is set but nothing is happened on feedback page and pop-up page is not closed.

subzey

  • 2 Posts
  • 0 Likes
  • curious

Posted 2 years ago

  • 1

Amy Cottrell, Official Rep

  • 249 Posts
  • 11 Likes
Hi,

Thank you for reporting this and I'm sorry for any frustration it has caused! I have shared this with our tech team and someone will follow up with you shortly.

Thanks,
Amy :)

Jenn Lin, GetSat Alumni

  • 529 Posts
  • 19 Likes
Hi Subzey,

Sorry for your frustration, I'd love to lend a hand.

I created an account and logged in. After I logged in, I was sent to:
https://www.tradingview.com/#signin

When I look at the page's source code, I don't see FastPass anywhere. Are you sure that the code is being run?

Thanks!
Jenn

subzey

  • 2 Posts
  • 0 Likes
I'm sorry for inconvenience, the script indeed is not called. After reading section named "Writing a FastPass Cookie" on http://getsatisfaction.com/developers... page I thought that just setting a cookie is enough.

Wouldn't you tell if there are any means to invoke login process without redirecting user to non-SSL page?

Thanks!

Jenn Lin, GetSat Alumni

  • 529 Posts
  • 19 Likes
Hi Subzey,

I just want to make sure I know all the parameters. :)

You want to run FastPass from https://www.tradingview.com, which is HTTPS.
Your community is http://feedback.tradingview.com, which is HTTP.

Your FastPass code should look like:
&lt% FastPass.domain = "community.acme.com" %&gt &lt!-- if using domain aliasing --&gt
&lt%= FastPass.script(CONSUMER_KEY, CONSUMER_SECRET, current_user.email, current_user.name, current_user.id %&gt

You don't want to apply the is_secure flag, because that will set the community page to try to use HTTPS.

The resulting code looks like:
&ltscript type="text/javascript"&gt
var GSFN;
if(GSFN == undefined) { GSFN = {}; }

(function(){
add_js = function(jsid, url) {
var head = document.getElementsByTagName("head")[0];
script = document.createElement('script');
script.id = jsid;
script.type = 'text/javascript';
script.src = url;
head.appendChild(script);
}
add_js("fastpass_common", document.location.protocol + "//community.acme.com/javascripts/fastpass.js");

if(window.onload) { var old_load = window.onload; }
window.onload = function() {
if(old_load) old_load();
add_js("fastpass", "http://community.acme.com/fastpass?=&...;
}
})()

&lt/script&gt

This conversation is no longer open for comments or replies.