ParentPay seriously broken (again)

400 Bad Request
ParentPay, the Microsoft-based school payment system that’s the bane of so many parents’ lives, has yet another problem. Since Saturday, every time I go to their web site I get a page back that displays as above. Eh? Where does this page come from – it’s not a browser message. A look at the source reveals what they’re up to:

<html>
<head><title>400 Request Header Or Cookie Too Large</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>Request Header Or Cookie Too Large</center>
<hr><center>nginx</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

 

Okay, but what the hell is wrong? This is using Chrome Version 56.0 on a Windows platform. Can ParentPay not cope with its standard request header? If a cookie is too large, the only culprit can be ParentPay itself for storing too much in its own cookie.

I’ve given them three days to fix it.

Please generate and paste your ad code here. If left empty, the ad location will be highlighted on your blog pages with a reminder to enter your code. Mid-Post

Unfortunately, parents of children at schools are forced to use this flaky web site and hand over their credit card details. How much confidence do I have in their technology? Take a guess!

Solution

So what to do about this? Well they have the URL https://parentpay.com, so I tried that too. It redirected to the original site, with a slightly different error message sent from the remote server – one that omitted mention of cookies. So it was definitely Chrome’s header? Upgrade Chrome for 56.0 to 57.0, just in case…. No dice.

A look at the cookies it stored was interesting. 67 cookies belonging to this site? I know Microsoft stuff is flabby, but this is ridiculous! Rather than trawling through them, I just decided to delete the lot.

That worked.

It appears ParentPay’s bonkers ASP code had stored more data in my browser than it was prepared to accept back. Stunning!

 

Parent Pay adds fuel to its fire

Following a disastrous software “upgrade” on 6th June, it appears that ParentPay, the controversial on-line payment system used by many schools, finally appears to have noticed it has a problem. In an email sent to all its 1.7 million victims users today, CEO Clint Wilson apologised that people were having difficulties with the new system and conceding their support service was overwhelmed. He promised to fix the problems and get it right over the summer.

Perhaps in order to emphasise the fact that he really don’t know much about this technology stuff, the email was sent in a Microsoft-only format, with an invitation to “view it in your web browser” if you weren’t using Hotmail, or whatever else it was designed for. It really doesn’t bode well.

The ParentPay website was always awkward, requiring very specific web browsers in order to operate, and using insecure technologies rather than HTML. The latest update relied very heavily on JavaScript and assumed specific screen resolutions, forcing people to upgrade browsers and wait for updates in order to use it – and it looks ridiculous on a desktop-sized screen.

At the same time ParentPay implemented a system where parents were made to pre-pay in to the account and then allocate funds later, rather than paying for the items at the time they were selected/purchased. Subsequently the company has sought to defend this tiresome system as an initiative to help low-income families, although exactly how pre-payment does this isn’t clear. The fact that ParentPay is left holding money for longer before the school gets is probably didn’t even cross their mind.

Parents, already leery about the whole ParentPay system and the way it has been imposed on them by schools in spite of widespread long-standing dissatisfaction, have taken to social media to slag off the crass software update and appalling customer service..

It’s a sad fact that schools and local authorities lack the necessary IT savvy to spot a turkey when its marching up and down in front of them, and instead opt for “safety” in numbers. I don’t actually blame the schools for this – it’s not their job. It’s the government and local authorities that are unable to provide good advice – but local authority and government IT projects are, of course, a byword for expensive shambles.

ParentPay won’t support “insecure” browsers

This week that ParentPay, the Microsoftie payment system used by many schools, rolled out a web site update to support an even more limited range of browsers. This included dropping support Internet Explorer before 9 for “security reasons”.

By coincidence, in the same week Microsoft trumped their loyal fanobois at ParentPay by announcing that everything prior to version 10 was hereby deemed unsafe. ParentPay has yet to comment.

However, the notion that any version of Internet Explorer is “safe” is stretching the truth badly. All the mainstream browsers are dodgy; they all support unsafe scripting and embedded code. Microsoft may have the worst reputation, but they’re all undermined by their code and add-ons – and host operating system, to be fair. Only a few niche browsers, that don’t support things like JavaScript and ActiveX, can be considered safe; and those are the ones that ParentPay refuses to support because they don’t allow “rich content”. (And their developers are Microsoft fans). It’s definitely a case of form over security, yet again.

As an illustration of just how feeble their new browser support policy is, here’s a list  of those they’ll accept, taken from their web site:

  • Chrome 35 or higher
  • Firefox 30 or higher
  • Internet Explorer 9 or higher
  • Safari 6 or higher.

The the the the That’s All Folks!

Schools should be seriously considering their relationship with ParentPay, given the cost and inconvenience they’re forcing parents to go through in order to use it. Analysis of the traffic across my servers suggest that IE has around a third of the browser market. Of these, more than half are using IE 9 or earlier.

ParentPay’s assertion that this will only affect a “..small proportion of parents” may be literally true, but it’s disingenuous. Let’s do some simple arithmetic. Say there are 1500 parents in a secondary school. A third of these use IE – that’s 500. Half of these use an old IE (on an old PC) – that’s 250/1500 parents at each school who’ll be grossly inconvenienced. Cancel the fraction out and it’s 1/6, which could be described as a small proportion, but it’s still 250 per school.

The number of people who would be using”unsupported” browsers on tablets or mobile devices is probably very high. Anecdotally, parents have access to a PC somewhere that they currently have to go to in order to use ParentPay. Many would rather use a tablet.

It’s about time someone set up an alternative to ParentPay and schools were educated in to the benefits of open standards.