Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Warning: session_start(): The session id contains


loveacrossborders

Recommended Posts

I get the following error sporadically:

 

Warning: session_start(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /homepages/37/d92431318/htdocs/shopshot/thaishop/includes/functions/sessions.php on line 67

 

Here's lines 65 - 68 of sessions.php

  function tep_session_start() {
   return session_start();
 }

 

The session ID is repeated in the url whenever this occurs :(. What could be causing this terrible error?

Link to comment
Share on other sites

I get the following error sporadically:

Here's lines 65 - 68 of sessions.php

 ?function tep_session_start() {
? ?return session_start();
?}

 

The session ID is repeated in the url whenever this occurs :(. What could be causing this terrible error?

 

I was just able to duplicate the error myself. Basically osCommerce is giving the session ID TWICE. Here's an example what appears in the url:

 

I have a dedicated SSL certificate through 1and1. Could something with 1and1 be causing the session ID to be given twice?

 

Someone please help me to get some ideas about how to possibly fix this problem. :(

 

It definitely appears to be some issue with going from SSL to non-SSL pages. For example, when I go from the index.php (non-SSL) to the contact form (SSL) and back to the index.php (non-SSL). I get the session ID - THREE TIMES.

 

:blink: :blink: >_< :'(

Link to comment
Share on other sites

If you want to be depressed as well as confused - just do a search of the forums for '1and1'

 

Vger

 

Don't worry Vger, I've read everything about the 1and1 issues on both the osCommerce forums and ZenCart. I know that you're always there to point confused 1and1 customers in the right direction hehe. Unfortunately, I signed up for 1and1 before I started with osCommerce (back in November, 2004).

 

In the case of this thread, I only mentioned 1and1, because I want people to help me. I just wanted to provide information about my osCommerce set up, so hopefully people can share some advice as to what might be causing the multiple session IDs :(.

 

The shop is 'basically' live with a few people coming to our store. So, I hope that we can find a solution to the multiple session IDs soon.

Link to comment
Share on other sites

Are you storing sessions in files and using the Cache feature in osCommerce? If you have Cache set to 'true' I would advise setting to false. If you are storing sessions in files then I'd recommend storing in the database by changing the last line of both configure.php files to read:

 

define('STORE_SESSIONS', 'mysql');

 

Yes, I do go on about certain hosting companies (incl 1and1) but that's because sometimes myself and others have really tried to sort problems out for people (maybe 30-40 posts on just one problem) only to find out it's the way the servers are set up. We can only try to help, and it kind of gets depressing when people keep coming back with the same sort of problems because they signed up with a certain company. Many of these problems are not really related to osCommerce at all.

 

Vger

Link to comment
Share on other sites

Excellent! Thank you for both suggestions. I will try it right now. Yes, I do have page cache set to "true". I will also see what happens when I set sessions to "mysql".

 

Actually, I didn't mean for my post above to sound negative. I really appreciate that you give your time to help 1and1 users out. Otherwise a lot of people would be in the dark. I just wish that 1and1 would sort their configuration problems out.

 

Best Regards,

Shaun :)

 

 

Are you storing sessions in files and using the Cache feature in osCommerce?  If you have Cache set to 'true' I would advise setting to false.  If you are storing sessions in files then I'd recommend storing in the database by changing the last line of both configure.php files to read:

 

define('STORE_SESSIONS', 'mysql');

 

Yes, I do go on about certain hosting companies (incl 1and1) but that's because sometimes myself and others have really tried to sort problems out for people (maybe 30-40 posts on just one problem) only to find out it's the way the servers are set up.  We can only try to help, and it kind of gets depressing when people keep coming back with the same sort of problems because they signed up with a certain company.  Many of these problems are not really related to osCommerce at all.

 

Vger

Link to comment
Share on other sites

I guess that I was 'too' optimistic :(.

 

I had forgotten that I had already switched Page Cache off earlier today when I was trying to fix the session ID problem.

 

Then when I set define('STORE_SESSIONS', '') to "mysql", the strangest thing happened. The page would keep refreshing by itself every half a second. Do I need to set "Use_PConnect" to "true", before using mysql for STORE SESSIONS?

 

Any other ideas on getting rid of the multiple session IDs?

 

[edit] Well, I just tried setting "Use_PConnect" to "true". That doesn't help either >_< .

Link to comment
Share on other sites

And in addition to the error that I've posted above. These errors are at the bottom of every page that has multiple session IDs:

 

Warning: session_write_close(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /homepages/37/d92431318/htdocs/shopshot/thaishop/includes/functions/sessions.php on line 106

 

Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in /homepages/37/d92431318/htdocs/shopshot/thaishop/includes/functions/sessions.php on line 106

 

Here are lines 104 - 110 of sessions.php:

? function tep_session_close() {

? ? if (PHP_VERSION >= '4.0.4') {

? ? ? return session_write_close();

? ? } elseif (function_exists('session_close')) {

? ? ? return session_close();

? ? }

? }

 

The sessions.php file is exactly the same as how it came with osCommerce (nothing has been changed). I still feel like this is an issue caused by some SSL configuration. I've looked through everything a dozen times and I've spent three days on this problem. But I'm quite limited in my understanding of programming :(.

Link to comment
Share on other sites

*sigh*

 

I've spent another four hours today looking at code which I don't understand trying to solve this problem with the session IDs.

 

Does anyone else have suggestions? If anyone is kind enough to help, I can give you access to the shop / password / or e-mail the files in question. This is a serious problem, and I'm afraid that I can't do anything until it's fixed :(.

Link to comment
Share on other sites

Three days later I've fixed the problem!!

 

For the sake of helping anyone in the future who runs into this issue....

 

The problem was with the "Cname and Pname" contribution, which was causing the issue of multiple session IDs. All that I did was backtrack through the instructions of installing the "Cname and Pname" contribution. But the step that fixes everything is as follows:

 

In *catalog*/includes/functions/html_output.php -

 

function implode_assoc($array, $inner_glue='=', $outer_glue='&') {
      $output = array();
      foreach( $array as $key => $item )
              $output[] = $key . $inner_glue . $item;

      return implode($outer_glue, $output);
}

////
// The HTML href link wrapper function
 function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
   global $request_type, $session_started, $SID;

$seo = true;
$seo_pages = array('index.php', 'product_info.php');
if ( !in_array($page, $seo_pages) ) $seo = false;

   if (!tep_not_null($page)) {
     die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>');
   }

   if ($connection == 'NONSSL') {
     $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
     $seo_link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
   } elseif ($connection == 'SSL') {
     if (ENABLE_SSL == true) {
       $link = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG;
       $seo_link = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG;
     } else {
       $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
       $seo_link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
     }
   } else {
     die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine connection method on a link!<br><br>Known methods: NONSSL SSL</b><br><br>');
   }

   if (tep_not_null($parameters)) {
     $link .= $page . '?' . tep_output_string($parameters);      
 # Start exploding the parameters to extract the values
 # Also, we could use parse_str($parameters) and would probably be more clean
 if ($seo){
	 $p = explode('&', $parameters);
	 krsort($p);
	 $params = array();
	 foreach ($p as $index => $valuepair) {
   $p2 = explode('=', $valuepair);
   
   switch ($p2[0]){    
   case 'products_id': 
  	 if ( defined('PRODUCT_NAME_'.$p2[1]) ){
     $params['pName'] = constant('PRODUCT_NAME_'.$p2[1]);
  	 } else { $seo = false; }
  	 break;  
   
   case 'cPath': 
  	 if ( defined('CATEGORY_NAME_'.$p2[1]) ){
     $params['cName'] = constant('CATEGORY_NAME_'.$p2[1]);
  	 } else { $seo = false; }
  	 break;
   
   default:
  	 $params[$p2[0]] = $p2[1]; 
  	 break;
   } 	 
 }
 $params_stripped = implode_assoc($params);	
 $seo_link .= $page . '?'.tep_output_string($params_stripped);   
 }
 $separator = '&';
} else {
     $link .= $page;
     $separator = '?';
  $seo = false;
   }

   while ( (substr($link, -1) == '&') || (substr($link, -1) == '?') ) $link = substr($link, 0, -1);

// Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined
   if ( ($add_session_id == true) && ($session_started == true) && (SESSION_FORCE_COOKIE_USE == 'False') ) {
     if (tep_not_null($SID)) {
       $_sid = $SID;
     } elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) {
       if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) {
         $_sid = tep_session_name() . '=' . tep_session_id();
       }
     }
   }

   if ( (SEARCH_ENGINE_FRIENDLY_URLS == 'true') && ($search_engine_safe == true) ) {
     while (strstr($link, '&&')) $link = str_replace('&&', '&', $link);
     while (strstr($seo_link, '&&')) $seo_link = str_replace('&&', '&', $seo_link);

     $link = str_replace('?', '/', $link);
     $link = str_replace('&', '/', $link);
     $link = str_replace('=', '/', $link);
     $seo_link = str_replace('?', '/', $seo_link);
     $seo_link = str_replace('&', '/', $seo_link);
     $seo_link = str_replace('=', '/', $seo_link);

     $separator = '?';
   }

if (isset($_sid)) {
     $link .= $separator . $_sid;
  $seo_link .= $separator . $_sid;
   }
if ($seo === true) return $seo_link;
else return $link;
 }

 

^ Change this code back to how it was before installing the "Cname and Pname" contribution. So replace the code above with the following:

 

////
// The HTML href link wrapper function
 function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
   global $request_type, $session_started, $SID;

   if (!tep_not_null($page)) {
     die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>');
   }

   if ($connection == 'NONSSL') {
     $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
   } elseif ($connection == 'SSL') {
     if (ENABLE_SSL == true) {
       $link = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG;
     } else {
       $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
     }
   } else {
     die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine connection method on a link!<br><br>Known methods: NONSSL SSL</b><br><br>');
   }

   if (tep_not_null($parameters)) {
     $link .= $page . '?' . tep_output_string($parameters);
     $separator = '&';
   } else {
     $link .= $page;
     $separator = '?';
   }

   while ( (substr($link, -1) == '&') || (substr($link, -1) == '?') ) $link = substr($link, 0, -1);

// Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined
   if ( ($add_session_id == true) && ($session_started == true) && (SESSION_FORCE_COOKIE_USE == 'False') ) {
     if (tep_not_null($SID)) {
       $_sid = $SID;
     } elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) {
       if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) {
         $_sid = tep_session_name() . '=' . tep_session_id();
       }
     }
   }

   if ( (SEARCH_ENGINE_FRIENDLY_URLS == 'true') && ($search_engine_safe == true) ) {
     while (strstr($link, '&&')) $link = str_replace('&&', '&', $link);

     $link = str_replace('?', '/', $link);
     $link = str_replace('&', '/', $link);
     $link = str_replace('=', '/', $link);

     $separator = '?';
   }

   if (isset($_sid)) {
     $link .= $separator . $_sid;
   }

   return $link;
 }

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...