Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Serious problems ?250 to whoever sorts it out


stevejebson

Recommended Posts

I apologise if it's tacky but it's been getting on for 3 weeks with this problem and the store owner has said he will pay ?250 to whoever can help me sort this out. I'm happy to give logons and passwords to get at database and admin areas via personal messages. THe current configure.php is listed below to start us off, i have been round a few configurations with alpha & vger (thanks) but still need help. We are using shared ssl.

 

For what it's worth i think the problem is centered around the session id's not being appended to the url, this is somehow linked to cookie creation. A cookie is created with a session id as soon as i get onto the site, it remains constant whilst adding to the cart (but missing from url) and when i arrive at login.php (with sessionid appended to url) the cart is lost).

 

  define('HTTP_SERVER', 'http://www.hitekhairtools.co.uk');
 define('HTTPS_SERVER', 'https://secure1.merchantservices.net/hitekh1');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'www.hitekhairtools.co.uk');
 define('HTTPS_COOKIE_DOMAIN', '');
 define('HTTP_COOKIE_PATH', '');
 define('HTTPS_COOKIE_PATH', '');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');

Link to comment
Share on other sites

The cookie is missing from your login and further pages because once you're in SSL, you don't have a cookie path defined, so there's nowhere for the cookie to go.

 

Because you're using shared SSL, you'd be better off to set your Admin -> Store Configuration -> Sessions -> Force Cookie Use setting to false, then store sessions in the database. In /catalog/includes/configure.php, it should read:

 

  define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

If you're going to use store sessions, however, MAKE SURE THAT YOU HAVE PREVENT SPIDER SESSIONS set to TRUE. I also have Recreate Spider Sessions set to FALSE.

 

The problem with stored sessions is that if they get indexed by a search engine, the osC session ID ends up being stored with the URL. If a potential customer links through the session ID, and someone else had linked through it before that, customer #2 will likely see customer #1's information. That's what happened to me. I decided that forcing cookies was the only option for my site. I have my own SSL certificate though, so can do so. With shared SSL, it apparently doesn't work.

 

You might be better off advising your customer to spend the 250 pounds to purchase his own SSL certificate. Then you can specify cookies properly in the configure file, and your problems should disappear.

 

HTH,

 

Terry

Terry Kluytmans

 

Contribs Installed: Purchase Without Account (PWA); Big Images, Product Availability, Description in Product Listing, Graphical Infobox, Header Tags Controller, Login Box, Option Type Feature, plus many layout changes & other mods of my own, like:

 

Add order total to checkout_shipment

Add order total to checkout_payment

Add radio buttons at checkout_shipping (for backorder options, etc.)

Duplicate Table Rate Shipping Module

Better Product Review Flow

 

* If at first you don't succeed, find out if there's a prize for the loser. *

Link to comment
Share on other sites

One more thing about spider sessions... Go to the Contributions section (link at top of forum pages) and search for spider. There's an updated spiders.txt file there which you should upload to your /catalog folder. That will help too.

 

Terry

Terry Kluytmans

 

Contribs Installed: Purchase Without Account (PWA); Big Images, Product Availability, Description in Product Listing, Graphical Infobox, Header Tags Controller, Login Box, Option Type Feature, plus many layout changes & other mods of my own, like:

 

Add order total to checkout_shipment

Add order total to checkout_payment

Add radio buttons at checkout_shipping (for backorder options, etc.)

Duplicate Table Rate Shipping Module

Better Product Review Flow

 

* If at first you don't succeed, find out if there's a prize for the loser. *

Link to comment
Share on other sites

The cookie is missing from your login and further pages because once you're in SSL, you don't have a cookie path defined, so there's nowhere for the cookie to go.

 

but the sessionID is missing from the url BEFORE i even get to the shared ssl and other sites i've looked at retain the sessionID on the url before they get to the ssl

 

Because you're using shared SSL, you'd be better off to set your Admin -> Store Configuration -> Sessions -> Force Cookie Use setting to false, then store sessions in the database. In /catalog/includes/configure.php, it should read:

 

define('STORE_SESSIONS', 'mysql');

 

force cookie is set to false and 'STORE_SESSIONS' is set to mysql

You might be better off advising your customer to spend the 250 pounds to purchase his own SSL certificate. Then you can specify cookies properly in the configure file, and your problems should disappear.

 

my understanding of "own ssl" is that i will need dedicated server and that looks like costing $99 permonth and i don't have the knowledge of setting up and running servers

Link to comment
Share on other sites

Steve,

 

If you want to PM me your admin URL, userID and password I'll take a look at your settings. (For the record, I am NOT looking for payment in return for helping.)

 

Terry

Terry Kluytmans

 

Contribs Installed: Purchase Without Account (PWA); Big Images, Product Availability, Description in Product Listing, Graphical Infobox, Header Tags Controller, Login Box, Option Type Feature, plus many layout changes & other mods of my own, like:

 

Add order total to checkout_shipment

Add order total to checkout_payment

Add radio buttons at checkout_shipping (for backorder options, etc.)

Duplicate Table Rate Shipping Module

Better Product Review Flow

 

* If at first you don't succeed, find out if there's a prize for the loser. *

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...