osCommerce

The e-commerce.

SIDs, Cookies, and customer loss


hubcat

Posted

Ok I have a security/cookie question.

 

If your site has SSL (on a VPS, not shared) and Prevent Spider Sessions is set to true and Spiders.txt is up to date, then I think the only way that a SID in the URL would be an issue is if someone posted or e-mailed their link somewhere. So they could essentially only cause a problem for themselves. (As long as it isn't done by a spider.) Do I understand that correctly?

 

If that is true, then is it worth setting Force Cookie Use to False so I don't lose potential customers? Or is there another reason to Force Cookie Use?

 

Do the majority of you force cookies? And if so, have you noticed a loss in sales because of it?

 

Thanks a bunch!

Adrienne

Posted
Do I understand that correctly?

 

Yes, that is correct.

 

With 'Force Cookie Use' set to 'true' you will undoubtedly lose some customers. Indeed with some payment processors (not PayPal) you have to send a session id to them or the transaction will fail.

 

Vger

Posted

Thanks for the response.

 

Hmm. Do you know if Authorize.net requires a session ID? I have been processing transactions in test mode without issue, but I have not gone into live mode yet.

 

I am still considering turning Force Cookies to False, but I just want to be sure I am not opening up a security issue.

 

Forever Learning,

Adrienne
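
Added example (not part of the original thread and not osCommerce code): a log check for the case discussed above, where a link containing a session ID gets posted or e-mailed. It flags session IDs that show up in URLs from more than one client, or that arrive with an off-site Referer. Assumptions: the access log is in combined format, the session ID travels in a query parameter named osCsid, the shop's host name is the placeholder shop.example, and the log lines are constructed sample data.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined log format: client IP, request URL, Referer and User-Agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# Assumption: the session ID is carried in a query parameter named osCsid.
SID_RE = re.compile(r'[?&]osCsid=([A-Za-z0-9,-]+)')

def audit_sids(lines, site_host):
    """Return {sid: details} for session IDs seen in URLs from more than
    one (ip, user-agent) pair or requested with an off-site Referer."""
    clients = defaultdict(set)   # sid -> {(ip, user_agent)}
    offsite = defaultdict(set)   # sid -> {referring host}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue             # not a combined-format line, skip it
        sid = SID_RE.search(m["url"])
        if not sid:
            continue             # cookie-based request, no SID in the URL
        clients[sid[1]].add((m["ip"], m["ua"]))
        ref_host = urlsplit(m["referer"]).hostname   # None for "-"
        if ref_host and ref_host != site_host:
            offsite[sid[1]].add(ref_host)
    return {
        sid: {"clients": sorted(seen), "offsite_referers": sorted(offsite[sid])}
        for sid, seen in clients.items()
        if len(seen) > 1 or offsite[sid]
    }

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /product_info.php?products_id=5&osCsid=aaa111 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (A)"',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /product_info.php?products_id=5&osCsid=aaa111 HTTP/1.1" 200 5120 "https://forum.example.net/thread/9" "Mozilla/5.0 (B)"',
    '203.0.113.4 - - [01/Jan/2024:10:06:00 +0000] "GET /index.php?osCsid=bbb222 HTTP/1.1" 200 900 "https://shop.example/index.php" "Mozilla/5.0 (C)"',
    '203.0.113.4 - - [01/Jan/2024:10:07:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0 (C)"',
]

if __name__ == "__main__":
    for sid, info in audit_sids(SAMPLE_LOG, "shop.example").items():
        print(sid, info)
```

A session ID reported here is one worth expiring on the server; mobile clients that change IP mid-session can also trigger the multi-client condition.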

Archived

This topic is now archived and is closed to further replies.
