Why do I receive a Shopper Authorization Error message when adding an item to the shopping cart?

CartIt NT like many HTML form based carts, use the HTTP referrer as a security check. This is a built in feature of CartIt NT and cannot be changed. This error is caused by having one domain name post information to your domain name and the domain names do not match. For example, if your Web Site is at http://www.site.com/ and you have your domain name set to ".site.com" you have everything configured correctly. However, on many servers it is still possible to access the home page without the "www." in the URL, for example, http://site.com/.

To solve this problem, you can open your home page and add this HTML tag just before the closing </HEAD> tag:

<BASE HREF="http://www.site.com/">


using your URL and the "www." of course. The URL should also end with a forward slash.

This will force all of the relative links on your home page to point to www.site.com even if the shopper accesses your site by way of the IP address.

Note: This will not correct issues of NO referrer (as caused by some Anti-virus packages) or spoofed (fake) referrers as caused by people wishing to prove how smart they are by sending altered data. This also will not redirect someone typing in http://site.com/ to www.site.com, which you would need if you have a cartit form on the index page. On apache, you can use mod_rewrite with your .htaccess file to do this. Open the .htaccess file and add the following (put your domain in place of cartitshoppingcart.com):

Options +FollowSymlinks
RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_HOST} !^www.cartitshoppingcart.com [NC]
RewriteRule ^(.*)$ http://www.cartitshoppingcart.com/$1 [L,R=301]

Make sure you test this after setting it up- type in the domain name to your browser and it should do a 301 redirect to www. Also make sure you have a full URL for your BASE HREF - if it is mal-formed (eg http:/xxx.yyy.xxx/ - missing one slash) you may find it works for some browsers- but not the all-important search engines! I would use a secondary computer and test in Opera, IE, Firefox, and Safari (there is a Windows version now).

If you are using a Windows server you can try something like this:

Add this ASP code to the VERY TOP of your ASP Page:

if Request.ServerVariables("HTTP_HOST") = "site.com" then
end if

You should NOT do it this way:

if Request.ServerVariables("HTTP_HOST") <> "www.yoursite.com" then

- some browsers may not send the HTTP_HOST request so you might get stuck in a loop.


FrontPage Note:

If you are using FrontPage to design your site from Design View, you should be able to right click on your Home Page then click the Properties option. This will bring up a dialog box that will allow you to enter the "BASE LOCATION" of the home page.

If you are using a Frames environment, you can load your frames using the fully qualified URL to each frame. Instead of using <FRAME SRC="right.html"> you can use <FRAME SRC="http://www.yoursite.com/right.html"> Really though, frames should probably not be used in new sites.