Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

is this why i'm losing cart data at login ??


stevejebson

Recommended Posts

ok, usual story, www.hitekhairtools.co.uk is the store, problem i believe is that a sessionID is not being appended to url when i navigate around the nonssl side and when i arrive at the ssl side (shared) the sessionID is appended to the url but tha cart data is lost. Having exhausted all the diferrent config.php settings i'm wondering of it anything to do with the htaccess files....

 

Non SSl version (i.e. all commented out)

 

# session.auto_start=0

# <IfModule mod_php4.c>

# php_value session.use_trans_sid 0

# php_value register_globals 1

# </IfModule>

 

 

SSl version

 

session.auto_start=0

<IfModule mod_php4.c>

php_value session.use_trans_sid 0

php_value register_globals 1

</IfModule>

 

 

i'm at the stage of avoiding phone calls from the shop owner as i've been trying to resolve this problem for 2 weeks now so any help would be gratefully received.

 

thanks

 

steve

Link to comment
Share on other sites

ok, i'm getting desperate to get this problem solved, ?50 goes to whoever helps me get to the solution...wether you want it or not!

 

The problem is in your configuration file, and the way you have defined your paths to the http server and https server. As to a fee, you can contribute to the osCommerce team to help them keep up the fine work on this system.

 

Post your config file to this group AFTER REMOVING YOUR DATABASE LOGIN INFORMATION!!!!!

GEOTEX from Houston, TX

 

(George)

Link to comment
Share on other sites

As to a fee, you can contribute to the osCommerce team to help them keep up the fine work on this system.

that's a deal, monies will be posted to team.

 

 

ok, do you think thatvthe config settings affect if the sessionid is appended to the url on the nonssl side ? i've been through 3 days of changing the config file (thanks alpha ray & rhea) so here goes...

 

define('HTTPS_SERVER', 'https://secure1.merchantservices.net/hitekh1'); // !!!! this eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure? // !!!! this

define('HTTP_COOKIE_DOMAIN', 'www.hitekhairtools.co.uk');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', ''); // !!!! this

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', 'c:/inetpub/wwwroot/PHP/hitek/catalog/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', 'blah'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', 'blah');

define('DB_SERVER_PASSWORD', 'blah');

define('DB_DATABASE', 'hitekh');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

// STS: ADD: Define Simple Template System files

define('STS_START_CAPTURE', DIR_WS_INCLUDES . 'sts_start_capture.php');

define('STS_STOP_CAPTURE', DIR_WS_INCLUDES . 'sts_stop_capture.php');

define('STS_RESTART_CAPTURE', DIR_WS_INCLUDES . 'sts_restart_capture.php');

define('STS_TEMPLATE_DIR', DIR_WS_INCLUDES . 'sts_templates/');

define('STS_DEFAULT_TEMPLATE', DIR_WS_INCLUDES . 'sts_template.html');

define('STS_DISPLAY_OUTPUT', DIR_WS_INCLUDES . 'sts_display_output.php');

define('STS_USER_CODE', DIR_WS_INCLUDES . 'sts_user_code.php');

// STS: EOADD

Link to comment
Share on other sites

Unless there is something with the STS section of the config file (I don't use the templates) this should track your cookie information so that sessions can be properly tracked. Also, I have had some server setups that I had to redifine sessions path in the admin panel (Admin Panel/configuration/sessions), even though sessions are set to be tracked in mySQL. I chose catalog/includes/languages as this is a writeable directory.

 

Sessions 

Title  Value  Action

Session Directory  catalog/includes/languages 

Force Cookie Use  False  Info

Check SSL Session ID  False  Info

Check User Agent  False  Info

Check IP Address  False  Info

Prevent Spider Sessions  False  Info

Recreate Session  True  Info

 

 

 

hth

 

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.hitekhairtools.co.uk'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://secure1.merchantservices.net/hitekh1'); // !!!! this eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure? // !!!! this
define('HTTP_COOKIE_DOMAIN', 'www.hitekhairtools.co.uk');
define('HTTPS_COOKIE_DOMAIN', 'secure1.merchantservices.net/hitekh1');
define('HTTP_COOKIE_PATH', '/catalog');
define('HTTPS_COOKIE_PATH', '/catalog'); // !!!! this
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', 'c:/inetpub/wwwroot/PHP/hitek/catalog/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
define('DB_SERVER', 'blah'); // eg, localhost - should not be empty for productive servers
define('DB_SERVER_USERNAME', 'blah');
define('DB_SERVER_PASSWORD', 'blah');
define('DB_DATABASE', 'hitekh');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

// STS: ADD: Define Simple Template System files
define('STS_START_CAPTURE', DIR_WS_INCLUDES . 'sts_start_capture.php');
define('STS_STOP_CAPTURE', DIR_WS_INCLUDES . 'sts_stop_capture.php');
define('STS_RESTART_CAPTURE', DIR_WS_INCLUDES . 'sts_restart_capture.php');
define('STS_TEMPLATE_DIR', DIR_WS_INCLUDES . 'sts_templates/');
define('STS_DEFAULT_TEMPLATE', DIR_WS_INCLUDES . 'sts_template.html');
define('STS_DISPLAY_OUTPUT', DIR_WS_INCLUDES . 'sts_display_output.php');
define('STS_USER_CODE', DIR_WS_INCLUDES . 'sts_user_code.php');
// STS: EOADD
?>

GEOTEX from Houston, TX

 

(George)

Link to comment
Share on other sites

If parts of your .htaccess file relate to password protection then leave that in place, otherwise delete all of the rest.

 

If you have FrontPage extensions installed - get them uninstalled, and delete any folders with vti_ at the start.

 

George was trying to help, but the https cookie domain is wrong - leave this blank.

 

Vger

Link to comment
Share on other sites

If parts of your .htaccess file relate to password protection then leave that in place, otherwise delete all of the rest.

 

If you have FrontPage extensions installed - get them uninstalled, and delete any folders with vti_ at the start.

 

George was trying to help, but the https cookie domain is wrong - leave this blank.

 

Vger

 

many servers can handle a blank, but not all. In order to get reliable cookie tracking on a variety of servers, I have had to specify cookie domain.

GEOTEX from Houston, TX

 

(George)

Link to comment
Share on other sites

It does depend on the arrangement of the server as to whether to specify a cookie domain for https, but it would not be:

 

'secure1.merchantservices.net/hitekh1'

 

If it is going to be used it would have to be a domain, and not a domain plus a file pathway:

 

'secure1.merchantservices.net'

 

Full SSL certs are so cheap these days that there's a diminishing need for use of shared ssl's.

 

Vger

Link to comment
Share on other sites

It does depend on the arrangement of the server as to whether to specify a cookie domain for https, but it would not be:

 

'secure1.merchantservices.net/hitekh1'

 

If it is going to be used it would have to be a domain, and not a domain plus a file pathway:

 

'secure1.merchantservices.net'

 

Full SSL certs are so cheap these days that there's a diminishing need for use of shared ssl's.

 

Vger

 

I am in total agreement with you on this, and encourage any of my ecommerce customers to have their own certificate (even to the point that I give them a free dedicated IP address if they do). However, so many hosting companies offer free ssl certs. I had to buy one to install on my dedicated servers that I rent space on just to keep even with the competition.

GEOTEX from Houston, TX

 

(George)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...