Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

Session Id's keep changing while i'm browsing

wescosa

By wescosa
in General Support

Recommended Posts

wescosa

wescosa

Posted
Posted

I found a odd problem that might be self inflicted. I'm hoping someone can get me past this session issue. I configured my OSCommerce cart to require login before you can view the products by using this code at the top of the index, product_info and advanced_search page. it is cut from the login.php page

 

// if the customer is not logged on, redirect them to the login page
if (!tep_session_is_registered('customer_id')) {
  $navigation->set_snapshot();
  tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'NONSSL'));
}

 

The code does exactly what I want, it sends you to the logging page if you are not currently logged in. This keeps the general public from seeing wholesale cart. Since I also use a contribution that makes it so an admin must activate all user accounts you can not just register as a user and view the products.

 

All was working good till I used the drop down menu at the top of the main body. It is the drop down menu at the top of the page when viewing categories. It by default it say "Show: [All Manufacturers]". Once I click on this it appears the cart clears my session and with the code above I now have to log back in to get a new session Id. I don't use the SSL mode but it seems the cart still switches between what it thinks is secure and non secure but they are both the same URL. I checked my configure.php file and I think SSL is turned off.

 

        define('HTTP_SERVER', 'http://website.com/');
       define('HTTPS_SERVER', 'http://website.com/');
       define('ENABLE_SSL', 'false');
       define('HTTP_COOKIE_DOMAIN', 'http://website.com/');
       define('HTTPS_COOKIE_DOMAIN', 'http://website.com/');

 

The important thing, once you are logged in, is that as you switch from what the cart thinks is https to http and back to https that you stay logged in and not get a new session ID.

boxtel

boxtel

Posted
Posted
I found a odd problem that might be self inflicted. I'm hoping someone can get me past this session issue. I configured my OSCommerce cart to require login before you can view the products by using this code at the top of the index, product_info and advanced_search page. it is cut from the login.php page

 

// if the customer is not logged on, redirect them to the login page
if (!tep_session_is_registered('customer_id')) {
  $navigation->set_snapshot();
  tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'NONSSL'));
}

 

The code does exactly what I want, it sends you to the logging page if you are not currently logged in.  This keeps the general public from seeing wholesale cart. Since I also use a contribution that makes it so an admin must activate all user accounts you can not just register as a user and view the products.

 

All was working good till I used the drop down menu at the top of the main body. It is the drop down menu at the top of the page when viewing categories. It by default it say "Show: [All Manufacturers]". Once I click on this it appears the cart clears my session and with the code above I now have to log back in to get a new session Id.  I don't use the SSL mode but it seems the cart still switches between what it thinks is secure and non secure but they are both the same URL. I checked my configure.php file and I think SSL is turned off.

 

        define('HTTP_SERVER', 'http://website.com/');
       define('HTTPS_SERVER', 'http://website.com/');
       define('ENABLE_SSL', 'false');
       define('HTTP_COOKIE_DOMAIN', 'http://website.com/');
       define('HTTPS_COOKIE_DOMAIN', 'http://website.com/');

 

The important thing, once you are logged in, is that as you switch from what the cart thinks is https to http and back to https that you stay logged in and not get a new session ID.

 

check if all your links hold the session id, by using tep_href_link() function.

Treasurer MFC

Guest

Guest

Posted
Posted

cookie domains are incorrect:

define('HTTP_COOKIE_DOMAIN', 'http://website.com/');

define('HTTPS_COOKIE_DOMAIN', 'http://website.com/');

 

need to be with two periods:

 

define('HTTP_COOKIE_DOMAIN', '.website.com/');

define('HTTPS_COOKIE_DOMAIN', '.website.com/');

 

and without the http:// or http://www

wescosa

wescosa

Posted
  • Author
Posted
check if all your links hold the session id, by using tep_href_link() function.

 

would you know where the code is the controls that drop down menu? is that where I would check it it contains the tep_href_link() function? every time I use the drop down it assigns a new session id and logs me out.

 

I did try the other sugestion about removing http:// and replacing it with a dot but it did not help. maybe it fixed a problem I just had not found yet.

Guest

Guest

Posted
Posted

try removing your code you placed and see what happens . ..

boxtel

boxtel

Posted
Posted
would you know where the code is the controls that drop down menu? is that where I would check it it contains the tep_href_link() function? every time I use the drop down it assigns a new session id and logs me out.

 

I did try the other sugestion about removing http:// and replacing it with a dot but it did not help. maybe it fixed a problem I just had not found yet.

 

 

the code is in your index.php, look for "filter"

 

I would suggest to set your browser not to accept cookies, that way the session_id is added to the url and you can see when it is and when it is not passed correctly. when accepting cookies, the session_id is in the cookie and you see nothing which is bad for testing.

Treasurer MFC

wescosa

wescosa

Posted
  • Author
Posted
the code is in your index.php, look for "filter"

 

I would suggest to set your browser not to accept cookies, that way the session_id is added to the url and you can see when it is and when it is not passed correctly. when accepting cookies, the session_id is in the cookie and you see nothing which is bad for testing.

 

 

I see the session id in every page url. that is how I figured out it is getting a new one once I click on the drop down menu. If I take out the code then I have to add back a .htaccess file to keep people out but the customers then have to log in twice. Once to get past the .htaccess file and once to be able to place an order.

 

I think if I can figure out how to get the drop down menu to pass the existing session ID rather than assigning a new one it will solve most of my problems.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...