loveacrossborders Posted February 25, 2005 Share Posted February 25, 2005 I get the following error sporadically: Warning: session_start(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /homepages/37/d92431318/htdocs/shopshot/thaishop/includes/functions/sessions.php on line 67 Here's lines 65 - 68 of sessions.php function tep_session_start() { return session_start(); } The session ID is repeated in the url whenever this occurs :(. What could be causing this terrible error? Link to comment Share on other sites More sharing options...
loveacrossborders Posted February 25, 2005 Author Share Posted February 25, 2005 I get the following error sporadically:Here's lines 65 - 68 of sessions.php ?function tep_session_start() { ? ?return session_start(); ?} The session ID is repeated in the url whenever this occurs :(. What could be causing this terrible error? <{POST_SNAPBACK}> I was just able to duplicate the error myself. Basically osCommerce is giving the session ID TWICE. Here's an example what appears in the url: https://www.mysite.com/shop/contact_us.php?...3317095a881bb2d I have a dedicated SSL certificate through 1and1. Could something with 1and1 be causing the session ID to be given twice? Someone please help me to get some ideas about how to possibly fix this problem. :( It definitely appears to be some issue with going from SSL to non-SSL pages. For example, when I go from the index.php (non-SSL) to the contact form (SSL) and back to the index.php (non-SSL). I get the session ID - THREE TIMES. https://www.mysite.com/shop/index.php?osCsi...3317095a881bb2d :blink: :blink: >_< :'( Link to comment Share on other sites More sharing options...
♥Vger Posted February 25, 2005 Share Posted February 25, 2005 If you want to be depressed as well as confused - just do a search of the forums for '1and1' Vger Link to comment Share on other sites More sharing options...
loveacrossborders Posted February 25, 2005 Author Share Posted February 25, 2005 If you want to be depressed as well as confused - just do a search of the forums for '1and1' Vger <{POST_SNAPBACK}> Don't worry Vger, I've read everything about the 1and1 issues on both the osCommerce forums and ZenCart. I know that you're always there to point confused 1and1 customers in the right direction hehe. Unfortunately, I signed up for 1and1 before I started with osCommerce (back in November, 2004). In the case of this thread, I only mentioned 1and1, because I want people to help me. I just wanted to provide information about my osCommerce set up, so hopefully people can share some advice as to what might be causing the multiple session IDs :(. The shop is 'basically' live with a few people coming to our store. So, I hope that we can find a solution to the multiple session IDs soon. Link to comment Share on other sites More sharing options...
♥Vger Posted February 25, 2005 Share Posted February 25, 2005 Are you storing sessions in files and using the Cache feature in osCommerce? If you have Cache set to 'true' I would advise setting to false. If you are storing sessions in files then I'd recommend storing in the database by changing the last line of both configure.php files to read: define('STORE_SESSIONS', 'mysql'); Yes, I do go on about certain hosting companies (incl 1and1) but that's because sometimes myself and others have really tried to sort problems out for people (maybe 30-40 posts on just one problem) only to find out it's the way the servers are set up. We can only try to help, and it kind of gets depressing when people keep coming back with the same sort of problems because they signed up with a certain company. Many of these problems are not really related to osCommerce at all. Vger Link to comment Share on other sites More sharing options...
loveacrossborders Posted February 25, 2005 Author Share Posted February 25, 2005 Excellent! Thank you for both suggestions. I will try it right now. Yes, I do have page cache set to "true". I will also see what happens when I set sessions to "mysql". Actually, I didn't mean for my post above to sound negative. I really appreciate that you give your time to help 1and1 users out. Otherwise a lot of people would be in the dark. I just wish that 1and1 would sort their configuration problems out. Best Regards, Shaun :) Are you storing sessions in files and using the Cache feature in osCommerce? If you have Cache set to 'true' I would advise setting to false. If you are storing sessions in files then I'd recommend storing in the database by changing the last line of both configure.php files to read: define('STORE_SESSIONS', 'mysql'); Yes, I do go on about certain hosting companies (incl 1and1) but that's because sometimes myself and others have really tried to sort problems out for people (maybe 30-40 posts on just one problem) only to find out it's the way the servers are set up. We can only try to help, and it kind of gets depressing when people keep coming back with the same sort of problems because they signed up with a certain company. Many of these problems are not really related to osCommerce at all. Vger <{POST_SNAPBACK}> Link to comment Share on other sites More sharing options...
loveacrossborders Posted February 25, 2005 Author Share Posted February 25, 2005 I guess that I was 'too' optimistic :(. I had forgotten that I had already switched Page Cache off earlier today when I was trying to fix the session ID problem. Then when I set define('STORE_SESSIONS', '') to "mysql", the strangest thing happened. The page would keep refreshing by itself every half a second. Do I need to set "Use_PConnect" to "true", before using mysql for STORE SESSIONS? Any other ideas on getting rid of the multiple session IDs? [edit] Well, I just tried setting "Use_PConnect" to "true". That doesn't help either >_< . Link to comment Share on other sites More sharing options...
loveacrossborders Posted February 25, 2005 Author Share Posted February 25, 2005 And in addition to the error that I've posted above. These errors are at the bottom of every page that has multiple session IDs: Warning: session_write_close(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /homepages/37/d92431318/htdocs/shopshot/thaishop/includes/functions/sessions.php on line 106 Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in /homepages/37/d92431318/htdocs/shopshot/thaishop/includes/functions/sessions.php on line 106 Here are lines 104 - 110 of sessions.php: ? function tep_session_close() {? ? if (PHP_VERSION >= '4.0.4') { ? ? ? return session_write_close(); ? ? } elseif (function_exists('session_close')) { ? ? ? return session_close(); ? ? } ? } The sessions.php file is exactly the same as how it came with osCommerce (nothing has been changed). I still feel like this is an issue caused by some SSL configuration. I've looked through everything a dozen times and I've spent three days on this problem. But I'm quite limited in my understanding of programming :(. Link to comment Share on other sites More sharing options...
loveacrossborders Posted February 26, 2005 Author Share Posted February 26, 2005 *sigh* I've spent another four hours today looking at code which I don't understand trying to solve this problem with the session IDs. Does anyone else have suggestions? If anyone is kind enough to help, I can give you access to the shop / password / or e-mail the files in question. This is a serious problem, and I'm afraid that I can't do anything until it's fixed :(. Link to comment Share on other sites More sharing options...
loveacrossborders Posted February 26, 2005 Author Share Posted February 26, 2005 Three days later I've fixed the problem!! For the sake of helping anyone in the future who runs into this issue.... The problem was with the "Cname and Pname" contribution, which was causing the issue of multiple session IDs. All that I did was backtrack through the instructions of installing the "Cname and Pname" contribution. But the step that fixes everything is as follows: In *catalog*/includes/functions/html_output.php - function implode_assoc($array, $inner_glue='=', $outer_glue='&') { $output = array(); foreach( $array as $key => $item ) $output[] = $key . $inner_glue . $item; return implode($outer_glue, $output); } //// // The HTML href link wrapper function function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) { global $request_type, $session_started, $SID; $seo = true; $seo_pages = array('index.php', 'product_info.php'); if ( !in_array($page, $seo_pages) ) $seo = false; if (!tep_not_null($page)) { die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>'); } if ($connection == 'NONSSL') { $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG; $seo_link = HTTP_SERVER . DIR_WS_HTTP_CATALOG; } elseif ($connection == 'SSL') { if (ENABLE_SSL == true) { $link = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG; $seo_link = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG; } else { $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG; $seo_link = HTTP_SERVER . DIR_WS_HTTP_CATALOG; } } else { die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine connection method on a link!<br><br>Known methods: NONSSL SSL</b><br><br>'); } if (tep_not_null($parameters)) { $link .= $page . '?' . tep_output_string($parameters); # Start exploding the parameters to extract the values # Also, we could use parse_str($parameters) and would probably be more clean if ($seo){ $p = explode('&', $parameters); krsort($p); $params = array(); foreach ($p as $index => $valuepair) { $p2 = explode('=', $valuepair); switch ($p2[0]){ case 'products_id': if ( defined('PRODUCT_NAME_'.$p2[1]) ){ $params['pName'] = constant('PRODUCT_NAME_'.$p2[1]); } else { $seo = false; } break; case 'cPath': if ( defined('CATEGORY_NAME_'.$p2[1]) ){ $params['cName'] = constant('CATEGORY_NAME_'.$p2[1]); } else { $seo = false; } break; default: $params[$p2[0]] = $p2[1]; break; } } $params_stripped = implode_assoc($params); $seo_link .= $page . '?'.tep_output_string($params_stripped); } $separator = '&'; } else { $link .= $page; $separator = '?'; $seo = false; } while ( (substr($link, -1) == '&') || (substr($link, -1) == '?') ) $link = substr($link, 0, -1); // Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined if ( ($add_session_id == true) && ($session_started == true) && (SESSION_FORCE_COOKIE_USE == 'False') ) { if (tep_not_null($SID)) { $_sid = $SID; } elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) { if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) { $_sid = tep_session_name() . '=' . tep_session_id(); } } } if ( (SEARCH_ENGINE_FRIENDLY_URLS == 'true') && ($search_engine_safe == true) ) { while (strstr($link, '&&')) $link = str_replace('&&', '&', $link); while (strstr($seo_link, '&&')) $seo_link = str_replace('&&', '&', $seo_link); $link = str_replace('?', '/', $link); $link = str_replace('&', '/', $link); $link = str_replace('=', '/', $link); $seo_link = str_replace('?', '/', $seo_link); $seo_link = str_replace('&', '/', $seo_link); $seo_link = str_replace('=', '/', $seo_link); $separator = '?'; } if (isset($_sid)) { $link .= $separator . $_sid; $seo_link .= $separator . $_sid; } if ($seo === true) return $seo_link; else return $link; } ^ Change this code back to how it was before installing the "Cname and Pname" contribution. So replace the code above with the following: //// // The HTML href link wrapper function function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) { global $request_type, $session_started, $SID; if (!tep_not_null($page)) { die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>'); } if ($connection == 'NONSSL') { $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG; } elseif ($connection == 'SSL') { if (ENABLE_SSL == true) { $link = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG; } else { $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG; } } else { die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine connection method on a link!<br><br>Known methods: NONSSL SSL</b><br><br>'); } if (tep_not_null($parameters)) { $link .= $page . '?' . tep_output_string($parameters); $separator = '&'; } else { $link .= $page; $separator = '?'; } while ( (substr($link, -1) == '&') || (substr($link, -1) == '?') ) $link = substr($link, 0, -1); // Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined if ( ($add_session_id == true) && ($session_started == true) && (SESSION_FORCE_COOKIE_USE == 'False') ) { if (tep_not_null($SID)) { $_sid = $SID; } elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) { if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) { $_sid = tep_session_name() . '=' . tep_session_id(); } } } if ( (SEARCH_ENGINE_FRIENDLY_URLS == 'true') && ($search_engine_safe == true) ) { while (strstr($link, '&&')) $link = str_replace('&&', '&', $link); $link = str_replace('?', '/', $link); $link = str_replace('&', '/', $link); $link = str_replace('=', '/', $link); $separator = '?'; } if (isset($_sid)) { $link .= $separator . $_sid; } return $link; } Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.