session id showing in URL

[♥Monika in Germany]

Hi,

 

I've set store sessions to mysql, have cookies enabled and still as soon as I click on login the session id is added to the url. Something must be set wrong in my admin or the configure.php, right?

 

here is my configure.php:

 

  define('HTTP_SERVER', 'http://www.painted4kids.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://painted4kids.hostexcellence.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.painted4kids.com');
 define('HTTPS_COOKIE_DOMAIN', 'painted4kids.hostexcellence.com/');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/hsphere/local/home/kristin/painted4kids.com/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', ...); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', ...);
 define('DB_SERVER_PASSWORD', ...);
 define('DB_DATABASE', ...);
 define('USE_PCONNECT', 'false'); // use persistent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

TIA

Monika

[Guest]

First thing I would check, is there a cookie on your local PC from your site? does it contain the session id?

 

If not then your PC is not accepting cookies.

[♥Monika in Germany]

First thing I would check, is there a cookie on your local PC from your site?  does it contain the session id?

 

If not then your PC is not accepting cookies.

<{POST_SNAPBACK}>

 

 

well I have a gazillion new cookies from today only, but none from the site ... how is that possible?

 

:-(

Monika

[Guest]

well I have a gazillion new cookies from today only, but none from the site ... how is that possible?

 

:-(

Monika

<{POST_SNAPBACK}>

 

 

Take of the www in your HTTP_COOKIE_DOMAIN

 

should read

 

define('HTTP_COOKIE_DOMAIN', 'painted4kids.com');

 

then try it

[♥Monika in Germany]

Take of the www in your HTTP_COOKIE_DOMAIN

 

should read

 

define('HTTP_COOKIE_DOMAIN', 'painted4kids.com');

 

then try it

<{POST_SNAPBACK}>

 

 

tried that, and no luck :-(. BTW, the autologin cookie that uses HTTPS worked just fine all along ... just not the regular coookies.

 

Any other ideas?

 

thanks

Monika

[Guest]

tried that, and no luck :-(. BTW, the autologin cookie that uses HTTPS worked just fine all along ... just not the regular coookies.

 

Any other ideas?

 

thanks

Monika

<{POST_SNAPBACK}>

 

 

I went to your site and it set a cookie on my PC, so definitely something up with your PC not the site.

[♥Monika in Germany]

I went to your site and it set a cookie on my PC, so definitely something up with your PC not the site.

<{POST_SNAPBACK}>

 

that means my settings are ok? good ... hmmm ... I checked my cookie settings on my PC and they are set to medium security ... like I said the autologon cookie works, as do a gazillion otehrs like eBay etc.

 

No clue then ... thanks for your help!

 

:'(

Monika

[♥Vger]

Medium Security allows for first party cookies to be accepted, but not 3rd party cookies and painted4kids.hostexcellence.com would be a 3rd party cookie (as it is a folder on another domain).

 

Vger

[♥Monika in Germany]

Medium Security allows for first party cookies to be accepted, but not 3rd party cookies and painted4kids.hostexcellence.com would be a 3rd party cookie (as it is a folder on another domain).

 

Vger

<{POST_SNAPBACK}>

 

 

Rhea, I don't understand.

 

I changed my settings to accept ALL cookies (lowest setting), yet there is none from painted4kids. It still displays that *** osC ID.

 

Monika

[♥Vger]

Well, I have never accepted the official line on osCommerce and cookies, which goes something like this "osCommerce will try to place a cookie and will only show a session id if cookies are not enabled on the users computer". I have multiple osCommerce websites and none of them place cookies, unless they run a full ssl cert and have Force Cookie Use set to 'true'.

 

Vger

[♥Monika in Germany]

Well, I have never accepted the official line on osCommerce and cookies, which goes something like this "osCommerce will try to place a cookie and will only show a session id if cookies are not enabled on the users computer".  I have multiple osCommerce websites and none of them place cookies, unless they run a full ssl cert and have Force Cookie Use set to 'true'.

 

Vger

<{POST_SNAPBACK}>

 

meaning as long as my client doesn't buy a full cert, session ids will be shown? ugh! Her domains allows for full certs, still she doesn't want to get one now.

 

thanks

Monika

[♥Vger]

Once you have a dedicated ip address the actual cost of a full ssl cert (provided you can install from your web hosting control panel) is just $49 a year from www.ev1servers.net

 

Vger

[♥Monika in Germany]

Once you have a dedicated ip address the actual cost of a full ssl cert (provided you can install from your web hosting control panel) is just $49 a year from www.ev1servers.net

 

Vger

<{POST_SNAPBACK}>

 

I know Rhea ... she still isn't interested, even though I tld her how low the costs are. The host has dedicated IPs and allows for certs to be installed. I said UGH! didn't I LOL ...

 

:-)

Monika

[♥Vger]

If your customer is not prepared to spend the money - then she'll just have to put up with the limitations.

 

Vger