cookies v sessions

[meandrew]

what is the preference of use I am more on the session side of the fence pros and cons would be interesting to hear

 

Andrew

[stevel]

I don't quite understand your question. In the context of osCommerce, there are ALWAYS sessions. The only choice is how does the user's browser pass around the session ID. Cookies are the better way, and osC will use them if the browser will let it - otherwise the SID is passed explicitly in the URL, which is a bit ugly.

 

Some people set "force cookies" to true, which requires everyone to use cookies, but that doesn't work if you are using shared SSL.

 

So.. what's your question?

[bluecivic21]

my force cookies don't work even on non shared ssl, and i"m having a session problem

[080]

Hi , I have session problem too, but not sure is same as yours, every so often, some members will get each others info, example, one customer during sign up got another customers address prefilled in.

 

And after ordering the other customer (whose adddress was used) got the order receipt, and was shocked.

 

My guess is this is due to session id? users got the wrong session id somehow, "hijacking" each others sessions?

 

I use MySQL sessions.

 

Right now I tried use "force cookie use" option, but after setting that, I keep getting a page that says my browser does not accept cookies which is totally wrong.

 

Thanks for attention

[stevel]

More likely is that customers are finding your site through a link that has a session ID already present. By default, there is no attempt to validate the session ID by IP addresses or browser ident string. You can turn on such validations under Sessions in admin, though I have found that the IP validation can cause trouble for legitimate users.