Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Cookie Problem


iantates

Recommended Posts

My site has been working fine for ages until today.

 

When I tried to add a product it would go to the chechout page and state 'no products added'.

 

I then deleted the internet files & cookies and now all I get is the cookie usage warning stating the security setting of my browser needs to be set to medium ( which it already is).

 

Not sure what has caused this to happen except I did change the catalog folder location but the site was working fine after that!

 

Confused or what.

Link to comment
Share on other sites

did you reslove this problem?

 

I have 'Force cookie usage' turned on and have my browser set to accept cookies and i always get redirected to the cookies_usage.php page.

 

Another thing i don't understand why do you need to define a cookie folder in configure.php, surley all cookies are clientside?

I ain't got time to bleed

Link to comment
Share on other sites

You can only use the 'Force Cookie Use' feature if you have a full ssl certificate on your site. There are workarounds which will allow you to run it via a shared ssl, but they involve putting all of your site behind the shared ssl - which will slow things down humongously! So, unless you have a full ssl cert, turn off 'Force Cookie Use' and turn on 'Prevent spider sessions'.

 

why do you need to define a cookie folder in configure.php

 

You don't define a cookie folder, you define a domain that the cookie applies to.

 

Vger

Link to comment
Share on other sites

You don't define a cookie folder, you define a domain that the cookie applies to.

OK fair enough that makes sense. I have never had to do it before, or maybe i just don't remember doing it before. Damn brain.

 

You can only use the 'Force Cookie Use' feature if you have a full ssl certificate on your site.

Why? forgive me but what does a server side tech like SSL have to do with clientside cookies?

As i understand it SSL is a public key/private key encryption system and cookies are text files written to the users machine to hold session info.

I can see there would be a problem if you had a mixture of secure and non-secure pages as this would mess up the cookie. The domain wouldn't match as you switched between secure and non-secure pages. My site only uses SSL for the admin.

 

on a slightly different tack

Are people still paranoid about cookies? Do we still have inept sys admins that think that a malious cookie is gonna reformat the raid array?

I ain't got time to bleed

Link to comment
Share on other sites

I have fixed my original problem with the cookies. I change the value in configure.php from:

define('HTTP_COOKIE_DOMAIN', 'http://www.hijinxstudio.com');

to

define('HTTP_COOKIE_DOMAIN', 'hijinxstudio.com');

 

and it works with force cookies turned on, woohoo

 

http://www.hijinxstudio.com/so_gifted/

I ain't got time to bleed

Link to comment
Share on other sites

Okay, I was assuming that you were using a shared ssl cert. If you're not, and your site is totally insecure then 'Force Cookie Use' will work.

 

Vger

I have fixed my original problem with the cookies. I change the value in configure.php from:

define('HTTP_COOKIE_DOMAIN', 'http://www.hijinxstudio.com');

to

define('HTTP_COOKIE_DOMAIN', 'hijinxstudio.com');

 

and it works with force cookies turned on, woohoo

 

http://www.hijinxstudio.com/so_gifted/

Link to comment
Share on other sites

Okay, I was assuming that you were using a shared ssl cert.  If you're not, and your site is totally insecure then 'Force Cookie Use' will work.

 

Vger

 

Vger

 

I solved the original problem, well so I thought.

 

It would seem that some people, well more than some are having problems with the site which is down to the cookies.

 

For instance my wife gets caught in the log in loop yet here at home and others don't have that problem.

 

I dont believe I have a shared secure server( Site is hosted on Apollo) and I have a dedicated SSL certificate.

 

Now I apprieciate that some people will have problems re cookies but it seems that its a 50/50 split at the moment.

 

If I turn off ' force cookies' will this improve things?

 

Also if I installed a contrib that allows a customer to order without creating an account again would this improve things?

 

Lastly in case I have messed up the configure.php would you be able to check it if I posted it on here?

 

I need to solve this fast as it is driving me mad but more importantly costing me money!

 

Any help welcome.

Link to comment
Share on other sites

Okay, if you have a full ssl certificate then 'Force Cookie Use' should work. Some people may have problems if they use AOL as their Internet Service Provider, but that's not an osCommerce problem that's an AOL problem.

 

Post your configure.php files here, minus db username, password etc. and I'll take a look.

 

Nice looking site by the way, well done. But I see that you are not using your ssl at all at the moment.

 

Vger

Link to comment
Share on other sites

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.simplyfancydress.co.uk'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.simplyfancydress.co.uk'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'simplyfancydress.co.uk');
 define('HTTPS_COOKIE_DOMAIN', 'simplyfancydress.co.uk');
 define('HTTP_COOKIE_PATH', '');
 define('HTTPS_COOKIE_PATH', '');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/wendy/simplyfancydress-www');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', 'www.simplyfancydress.co.uk'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', '********');
 define('DB_SERVER_PASSWORD', '*********');
 define('DB_DATABASE', '***********');
 define('USE_PCONNECT', 'true'); // use persistent connections?
 define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

Thanks for looking at the above.

 

As for SSL I thought that is working when the customer logs in, is that not correct?

Link to comment
Share on other sites

These settings:

define('HTTP_COOKIE_DOMAIN', 'simplyfancydress.co.uk');
define('HTTPS_COOKIE_DOMAIN', 'simplyfancydress.co.uk');

Should be:

define('HTTP_COOKIE_DOMAIN', '.simplyfancydress.co.uk');
define('HTTPS_COOKIE_DOMAIN', '.simplyfancydress.co.uk');

The extra period in front of the domain name sets the cookie domain wide.

Link to comment
Share on other sites

just a thought but is there any reason why you have to set the domain in a config file, why couldn't you use $_GLOBALS[HTTP_HOST]. Quite a lot of the settings in configure.php can be auto detected, which is suppose is what the install scripts do.

 

just thinking out loud, well quietly cos it a forum post :-"

I ain't got time to bleed

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...