stevejebson Posted March 24, 2005 Share Posted March 24, 2005 ok, usual story, www.hitekhairtools.co.uk is the store, problem i believe is that a sessionID is not being appended to url when i navigate around the nonssl side and when i arrive at the ssl side (shared) the sessionID is appended to the url but tha cart data is lost. Having exhausted all the diferrent config.php settings i'm wondering of it anything to do with the htaccess files.... Non SSl version (i.e. all commented out) # session.auto_start=0 # <IfModule mod_php4.c> # php_value session.use_trans_sid 0 # php_value register_globals 1 # </IfModule> SSl version session.auto_start=0 <IfModule mod_php4.c> php_value session.use_trans_sid 0 php_value register_globals 1 </IfModule> i'm at the stage of avoiding phone calls from the shop owner as i've been trying to resolve this problem for 2 weeks now so any help would be gratefully received. thanks steve Link to comment Share on other sites More sharing options...
stevejebson Posted March 24, 2005 Author Share Posted March 24, 2005 ok, i'm getting desperate to get this problem solved, ?50 goes to whoever helps me get to the solution...wether you want it or not! Link to comment Share on other sites More sharing options...
Geotex Posted March 24, 2005 Share Posted March 24, 2005 ok, i'm getting desperate to get this problem solved, ?50 goes to whoever helps me get to the solution...wether you want it or not! <{POST_SNAPBACK}> The problem is in your configuration file, and the way you have defined your paths to the http server and https server. As to a fee, you can contribute to the osCommerce team to help them keep up the fine work on this system. Post your config file to this group AFTER REMOVING YOUR DATABASE LOGIN INFORMATION!!!!! GEOTEX from Houston, TX (George) Link to comment Share on other sites More sharing options...
stevejebson Posted March 24, 2005 Author Share Posted March 24, 2005 As to a fee, you can contribute to the osCommerce team to help them keep up the fine work on this system. <{POST_SNAPBACK}> that's a deal, monies will be posted to team. ok, do you think thatvthe config settings affect if the sessionid is appended to the url on the nonssl side ? i've been through 3 days of changing the config file (thanks alpha ray & rhea) so here goes... define('HTTPS_SERVER', 'https://secure1.merchantservices.net/hitekh1'); // !!!! this eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? // !!!! this define('HTTP_COOKIE_DOMAIN', 'www.hitekhairtools.co.uk'); define('HTTPS_COOKIE_DOMAIN', ''); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', ''); // !!!! this define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', 'c:/inetpub/wwwroot/PHP/hitek/catalog/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); // define our database connection define('DB_SERVER', 'blah'); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', 'blah'); define('DB_SERVER_PASSWORD', 'blah'); define('DB_DATABASE', 'hitekh'); define('USE_PCONNECT', 'false'); // use persistent connections? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' // STS: ADD: Define Simple Template System files define('STS_START_CAPTURE', DIR_WS_INCLUDES . 'sts_start_capture.php'); define('STS_STOP_CAPTURE', DIR_WS_INCLUDES . 'sts_stop_capture.php'); define('STS_RESTART_CAPTURE', DIR_WS_INCLUDES . 'sts_restart_capture.php'); define('STS_TEMPLATE_DIR', DIR_WS_INCLUDES . 'sts_templates/'); define('STS_DEFAULT_TEMPLATE', DIR_WS_INCLUDES . 'sts_template.html'); define('STS_DISPLAY_OUTPUT', DIR_WS_INCLUDES . 'sts_display_output.php'); define('STS_USER_CODE', DIR_WS_INCLUDES . 'sts_user_code.php'); // STS: EOADD Link to comment Share on other sites More sharing options...
Geotex Posted March 24, 2005 Share Posted March 24, 2005 Unless there is something with the STS section of the config file (I don't use the templates) this should track your cookie information so that sessions can be properly tracked. Also, I have had some server setups that I had to redifine sessions path in the admin panel (Admin Panel/configuration/sessions), even though sessions are set to be tracked in mySQL. I chose catalog/includes/languages as this is a writeable directory. Sessions Title Value Action Session Directory catalog/includes/languages Force Cookie Use False Info Check SSL Session ID False Info Check User Agent False Info Check IP Address False Info Prevent Spider Sessions False Info Recreate Session True Info hth <?php /* osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce Released under the GNU General Public License */ // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.hitekhairtools.co.uk'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://secure1.merchantservices.net/hitekh1'); // !!!! this eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? // !!!! this define('HTTP_COOKIE_DOMAIN', 'www.hitekhairtools.co.uk'); define('HTTPS_COOKIE_DOMAIN', 'secure1.merchantservices.net/hitekh1'); define('HTTP_COOKIE_PATH', '/catalog'); define('HTTPS_COOKIE_PATH', '/catalog'); // !!!! this define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', 'c:/inetpub/wwwroot/PHP/hitek/catalog/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); // define our database connection define('DB_SERVER', 'blah'); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', 'blah'); define('DB_SERVER_PASSWORD', 'blah'); define('DB_DATABASE', 'hitekh'); define('USE_PCONNECT', 'false'); // use persistent connections? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' // STS: ADD: Define Simple Template System files define('STS_START_CAPTURE', DIR_WS_INCLUDES . 'sts_start_capture.php'); define('STS_STOP_CAPTURE', DIR_WS_INCLUDES . 'sts_stop_capture.php'); define('STS_RESTART_CAPTURE', DIR_WS_INCLUDES . 'sts_restart_capture.php'); define('STS_TEMPLATE_DIR', DIR_WS_INCLUDES . 'sts_templates/'); define('STS_DEFAULT_TEMPLATE', DIR_WS_INCLUDES . 'sts_template.html'); define('STS_DISPLAY_OUTPUT', DIR_WS_INCLUDES . 'sts_display_output.php'); define('STS_USER_CODE', DIR_WS_INCLUDES . 'sts_user_code.php'); // STS: EOADD ?> GEOTEX from Houston, TX (George) Link to comment Share on other sites More sharing options...
♥Vger Posted March 24, 2005 Share Posted March 24, 2005 If parts of your .htaccess file relate to password protection then leave that in place, otherwise delete all of the rest. If you have FrontPage extensions installed - get them uninstalled, and delete any folders with vti_ at the start. George was trying to help, but the https cookie domain is wrong - leave this blank. Vger Link to comment Share on other sites More sharing options...
Geotex Posted March 25, 2005 Share Posted March 25, 2005 If parts of your .htaccess file relate to password protection then leave that in place, otherwise delete all of the rest. If you have FrontPage extensions installed - get them uninstalled, and delete any folders with vti_ at the start. George was trying to help, but the https cookie domain is wrong - leave this blank. Vger <{POST_SNAPBACK}> many servers can handle a blank, but not all. In order to get reliable cookie tracking on a variety of servers, I have had to specify cookie domain. GEOTEX from Houston, TX (George) Link to comment Share on other sites More sharing options...
♥Vger Posted March 25, 2005 Share Posted March 25, 2005 It does depend on the arrangement of the server as to whether to specify a cookie domain for https, but it would not be: 'secure1.merchantservices.net/hitekh1' If it is going to be used it would have to be a domain, and not a domain plus a file pathway: 'secure1.merchantservices.net' Full SSL certs are so cheap these days that there's a diminishing need for use of shared ssl's. Vger Link to comment Share on other sites More sharing options...
Geotex Posted March 25, 2005 Share Posted March 25, 2005 It does depend on the arrangement of the server as to whether to specify a cookie domain for https, but it would not be: 'secure1.merchantservices.net/hitekh1' If it is going to be used it would have to be a domain, and not a domain plus a file pathway: 'secure1.merchantservices.net' Full SSL certs are so cheap these days that there's a diminishing need for use of shared ssl's. Vger <{POST_SNAPBACK}> I am in total agreement with you on this, and encourage any of my ecommerce customers to have their own certificate (even to the point that I give them a free dedicated IP address if they do). However, so many hosting companies offer free ssl certs. I had to buy one to install on my dedicated servers that I rent space on just to keep even with the competition. GEOTEX from Houston, TX (George) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.