Password lock an Able Gold site

Posted: Wed Nov 04, 2015 4:32 am
by AbleMods
When I work on more complex AbleCommerce projects, it's often helpful to set up a staging site that is separate from the live site. This happens most often when preparing to upgrade a 7.x to Gold. But it's also beneficial when you have a lot of development work going on and you want the client to be able to review the changes prior to pushing them to the live website.

The AbleCommerce maintenance feature for closing the store works well if you have credentials, but it completely prevents any sort of anonymous site testing.

Having a public url staging site vastly improves project efficiency. But there is a substantial risk that a spider or bot will eventually index the staging site and create conflicting search results with the live site. This can have a dramatic impact on the live site SEO results. In short, very bad things can happen.

Normally, I would lock down the staging site by IP address. But this isn't always feasible for remote testers or clients using dynamic IP address internet connections.

My solution was to create a simple password page that fires only if a certain cookie does not exist in the client browser. The password page will render even if you try to hit the admin pages. Thus the entire site is protected from spiders and bots while actual users can easily continue testing and reviewing my work.

Here's how it works:

First, edit the global.asax file in the root of the site. Find the Application_BeginRequest() routine; it should be near the top. Locate this code in the routine:

Code:

            Response.Redirect(url);
        }
and replace it with this code:

Code:

            Response.Redirect(url);
        }

        // BEGIN MOD: AbleMods.com
        // DATE:  11/04/2015
        // if we're running on test site, check for tester cookie
        string origUrl = Request.Url.Host.ToLowerInvariant();
        if (origUrl.Contains("test.<yoursite>.com"))
        {
            // see if user has our magic cookie
            HttpCookie cookie = Request.Cookies["Tester"];
            if (cookie == null && !Request.RawUrl.Contains("Tester"))
            {
                // need to force custom login page
                Response.Redirect("~/TesterLogin.aspx");
            }

        }
        // END MOD: AbleMods.com
NOTE: You must replace the 'test.<yoursite>.com' with the actual url of your staging site. In my projects, I often use the hostname of test as the staging site i.e. test.solunar.com is staging for http://www.solunar.com.

Now you need the login page. So create a new file called 'TesterLogin.aspx' and copy/paste this code into it:

Code:

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="TesterLogin.aspx.cs" Inherits="AbleCommerce.TesterLogin" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Store Is Closed</title>
</head>
<body>
    <div id="outerPageContainer" class="contentOnlyLayout"> 
       <div id="innerPageContainer" class="contentOnlyLayout"> 
          <div id="mainColumn" class="contentOnlyLayout"> 
            <div class="zone"> 
              <div id="storeClosed" class="mainContentWrapper">
				<form id="form1" runat="server">
				  <div class="section">
                    <div class="pageHeader">
                    </div>
                    <div class="content">
                        <h1>WHAT is the airspeed velocity of an unladen swallow?</h1>
                        <asp:TextBox runat="server" ID="txt_Speed"/><asp:Button runat="server" ID="btn_Submit" Text="Submit" OnClick="btn_Submit_OnClick"/>
                    </div>				   
				  </div>
				</form>
              </div> 
            </div> 
          </div> 
        </div> 
    </div> 
</body>
</html>
Save the file.

Now create a file called TesterLogin.aspx.cs and copy/paste this code into it:

Code:

using System;
using System.Web;
using CommerceBuilder.Utility;

namespace AbleCommerce
{
    public partial class TesterLogin : CommerceBuilder.UI.AbleCommercePage
    {

        protected void Page_Load(Object sender, EventArgs e) 
        {

        }

        protected void btn_Submit_OnClick(object sender, EventArgs e)
        {
            // test value
            if (txt_Speed.Text == "ablemods2015")
            {
                //create a cookie
                HttpCookie myCookie = new HttpCookie("Tester");

                //Add key-values in the cookie
                myCookie.Values.Add("StartDate", LocaleHelper.LocalNow.ToString());

                //set cookie expiry date-time. Made it to last for the next 7 days.
                myCookie.Expires = DateTime.Now.AddDays(7);

                //Most important, write the cookie to client.
                Response.Cookies.Add(myCookie);

                // redirect to home page
                Response.Redirect("~/Default.aspx");
            }

        }
    }
}
Feel free to change the password 'ablemods2015' to anything you like. Save the file.

Now upload the two TesterLogin files to the root of your staging site.

You're all set! Hit the site url with your browser and you'll get nothing more than a question that wants an answer. Enter the correct response and you'll be redirected to the home page while your browser gets a 7-day cookie. For the next calendar week, you'll automatically bypass the question. Safe from indexing, easy to remember for testers.

Enjoy :)
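
Added example, not part of the original post and not AbleMods or AbleCommerce code: the gate above tests only whether a cookie named Tester exists, so this sketch signs the cookie value with an HMAC and checks signature and expiry on the server. The `TesterGate` class, its method names, the value format and the sample key are assumptions made for illustration; a real key would be a random secret kept in the staging server's configuration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not part of AbleCommerce: signs the "Tester" cookie value.
public static class TesterGate
{
    // Cookie value format: "<expiry in UTC ticks>.<hex HMAC-SHA256 of the expiry>"
    public static string Issue(byte[] key, DateTime expiresUtc)
    {
        string expiry = expiresUtc.Ticks.ToString();
        return expiry + "." + Sign(key, expiry);
    }

    public static bool IsValid(byte[] key, string cookieValue, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(cookieValue)) return false;
        string[] parts = cookieValue.Split('.');
        long ticks;
        if (parts.Length != 2 || !long.TryParse(parts[0], out ticks)) return false;
        if (!SameText(Sign(key, parts[0]), parts[1])) return false;
        return ticks > nowUtc.Ticks; // a correctly signed value still expires
    }

    static string Sign(byte[] key, string data)
    {
        using (var hmac = new HMACSHA256(key))
            return BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(data))).Replace("-", "");
    }

    // Length check, then compare every character without stopping at the first mismatch.
    static bool SameText(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key"); // constructed sample key
        DateTime now = new DateTime(2015, 11, 4, 0, 0, 0, DateTimeKind.Utc);
        string issued = Issue(key, now.AddDays(7));
        Console.WriteLine("issued value accepted: " + IsValid(key, issued, now));
        Console.WriteLine("unsigned value accepted: " + IsValid(key, "StartDate=11/4/2015", now));
        Console.WriteLine("accepted after 8 days: " + IsValid(key, issued, now.AddDays(8)));
    }
}
```

Wired into the code from the post, btn_Submit_OnClick would set myCookie.Value to the result of Issue and mark the cookie HttpOnly, and Application_BeginRequest would call IsValid on cookie.Value alongside the cookie == null test.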

Re: Password lock an Able Gold site

Posted: Wed Nov 04, 2015 5:16 am
by Katie
Thanks for the info, Joe. I never thought a search engine could get a hold of pages on an IP based website, but I guess that has happened to you?

I was also wondering if you could use the Members only feature by enabling access to the Admin groups, but then I realized that we only list non-admin groups. I wonder why that is? If it did list the Admin groups, could you set up a store that forced a login before viewing?

Re: Password lock an Able Gold site

Posted: Wed Nov 04, 2015 5:57 am
by AbleMods
Yea, unfortunately it's happened a few times over the years. If you ran strictly off IP, it can still get indexed. If it's accessible to the public, someday somebody is going to find it and index it. Took weeks to clean up the mess it made in Google results. So I'm hyper-sensitive to it these days given the time it costs to get rankings up in the land of SEO.

The Able authentication would normally work in this situation. But it prevents testing things as an anonymous user. As you know I'm sure, several aspects of the site (especially checkout) behave differently if you're anonymous versus registered. So it's important that any solution support both anonymous and authenticated user access to the site.

That's why I had to go down this road - it's the only way to support a (barely) secure way to anonymously use the Able site.