Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Force Cookie does not work


Guest

Recommended Posts

When I'm trying to use the Force Cookies option I get the following error...

 

We have detected that your browser does not support cookies, or has set cookies to be disabled. etc...

 

I'm pretty sure i have my browser's cookie option enabled. I get this both in IE and FireFox.

 

 

My PHP.ini was set to

session.use_cookies=1

session.use_only_cookies=1

 

and still I get this message.

 

There is probably something wrong with what I do but I can't seem to figure it out.

Link to comment
Share on other sites

When I'm trying to use the Force Cookies option I get the following error...

 

We have detected that your browser does not support cookies, or has set cookies to be disabled. etc...

 

I'm pretty sure i have my browser's cookie option enabled. I get this both in IE and FireFox.

My PHP.ini was set to

session.use_cookies=1

session.use_only_cookies=1

 

and still I get this message.

 

There is probably something wrong with what I do but I can't seem to figure it out.

 

 

do you have a dedicated server IP?

:-)

Monika

 

addicted to writing code ... can't get enough of databases either, LOL!

 

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

 

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

Link to comment
Share on other sites

Force Cookie Use can only work on your site if you are using no ssl or a full ssl cert. If you are using a shared ssl cert then you will always end up on the cookie_usage.php page.

 

osCommerce checks to see that the http and https domain matches, and if it doesn't this feature won't work. The only time that the http and https cookie domains match is when there's no ssl or a full ssl - as on a shared ssl the https cookie domain does not match up with the http cookie domain.

 

You should also be aware that some payment processors (not PayPal) require that you send them a session id for their payment system to work. With Force Cookie Use working no session id is sent.

 

Vger

Link to comment
Share on other sites

OK. I'm using a shared SSL on my production site and no SSL on my development env. The production site is on a shared host, but I beleive that I do have a dedicated IP (Monika is that what you nean?).

 

So this is probably the problem.

 

And this means that I cannot use cookies.

 

What can I do then if I want to share some information between my pages?

 

I'm using a FLASH module that displays the catalog nicely - reading the products dynamically on the fly from the OsCommece catalog database. and then when a user presses an "Order Now" button in the Flash module - I refer the user to the HTML catalog product page.

 

The thing is that I need to share some info when going between the HTML and the Flash catalog, such as:

 

- Chosen Language

- Remember if user has Muted the Music (so he wont need to mute it again each time he comes back to the FLASH catalog)

- Remember the session ID so the user does not need to login again and again (because after he already loged in, and goes back to the FLASH catalog and then back to the HTML catalog - he id forced to login again.)

- Display the last product the user has chosen in the FLASH catalog.

- and probably some other things...

 

Any ideas here?

 

Thanks :-)

Link to comment
Share on other sites

OK. I'm using a shared SSL on my production site and no SSL on my development env. The production site is on a shared host, but I beleive that I do have a dedicated IP (Monika is that what you nean?).

 

So this is probably the problem.

 

And this means that I cannot use cookies.

 

What can I do then if I want to share some information between my pages?

 

I'm using a FLASH module that displays the catalog nicely - reading the products dynamically on the fly from the OsCommece catalog database. and then when a user presses an "Order Now" button in the Flash module - I refer the user to the HTML catalog product page.

 

The thing is that I need to share some info when going between the HTML and the Flash catalog, such as:

 

- Chosen Language

- Remember if user has  Muted the Music (so he wont need to mute it again each time he comes back to the FLASH catalog)

- Remember the session ID so the user does not need to login again and again (because after he already loged in, and goes back to the FLASH catalog and then back to the HTML catalog - he id forced to login again.)

- Display the last product the user has chosen in the FLASH catalog.

- and probably some other things...

 

Any ideas here?

 

Thanks :-)

 

nobody said you cannot use cookies, as a matter of fact, even when not forcing cookies, osc will try to use cookies. It is when the cookie settings are wrong or the user refuses cookies that the difference occurs.

Treasurer MFC

Link to comment
Share on other sites

Thanks Boxtel - this is good news, and hopefully will solve most of my problems as I will use cookies only for the flash module (for the music and last preoduct shown etc.)...

 

But I still remain with the Session ID issue - I need to know the session ID that is used by Osc for the user session (to avoid repeated logins).

 

Can I get the session ID from a cookie - even if not using a Force cookie option? I tried to catch it using by including the application_top.php in my PHP query that return data to the Flash module - and send back $SID variable. This works as expected and I get the osCsid value - and then I send it back to the HTML pgae via GET. But still - Osc changes the SID when I enter the HTML page and ask for a login again.

 

ahh... and there is also the language issue - I need to return to the HTML catalog with the same language that was initially chosen.

 

 

Thanks :-)

Link to comment
Share on other sites

You can carry over the session without a problem to an html page (in which the Flash is generated) provided you use it in the following way.

 

Open a root level php file such as conditions.php, select Save As and save it under another name. Remove this piece of code from it:

require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CONDITIONS);

It's this piece of code that tells it to look for a file of the same name in includes/languages/english/ folder. Without that piece of code you do not need to add this new page to includes/filenames.

 

In the body of this new page, where it says:

<td class="main"><?php echo TEXT_INFORMATION; ?></td>

change it to:

<td class="main"><?php include('newpage.html'); ?></td>

 

Then place the html page that will hold the flash output in the root of your domain. You link to this html page via the .php page, and the sessions trail is secured. In effect you're just providing a php wrapper for the html page with the flash in it.

 

Vger

Link to comment
Share on other sites

Thanks Boxtel - this is good news, and hopefully will solve most of my problems as I will use cookies only for the flash module (for the music and last preoduct shown etc.)...

 

But I still remain with the Session ID issue - I need to know the session ID that is used by Osc for the user session (to avoid repeated logins).

 

Can I get the session ID from a cookie - even if not using a Force cookie option? I tried to catch it using by including the application_top.php in my PHP query  that return data to the Flash module - and send back  $SID variable. This works as expected and I get the osCsid value - and then I send it back to the HTML pgae via GET. But still - Osc changes the SID when I enter the HTML page and ask for a login again.

 

ahh... and there is also the language issue - I need to return to the HTML catalog with the same language that was initially chosen.

Thanks :-)

 

well, "force cookies" should be read as "I only want session id's stored in cookies and never in my url's". Because that is what it comes down to.

 

osc handles this as follows:

 

on 1st page load :

 

Generate session id and try to set a cookie with that in it.

 

if NOT forcing cookies {

also add the session id to all urls on the page just incase the cookie cannot be set so we do not lose the session.

} else {

nothing because we demand that the cookie is used

}

 

on 2nd page load:

 

Read the cookie

 

if cookie is found {

if NOT forcing cookies {

no longer add session id to url

} else {

nothing as this is what we demand and expect

}

} else { (cookie settings wrong or domain change or cookie not accepted)

if NOT forcing cookies {

continue to add the session id to the url's

} else {

the session id is lost so present the user with the cookie usage page when adding to the cart or logging in. By the way, what osc does not mention, ALL session variable functionality ceases to function, like language, currency settings, etc.

}

}

 

so you see, when forcing cookies you will NEVER see a session id in the url but when it goes wrong, cookie-wise, it goes very wrong.

Treasurer MFC

Link to comment
Share on other sites

I'm trying to not pass the Session ID in the get mode (?osCsid=###), but with normal session_register.

 

Beside remove the osCsid references on links, what else I can do to keep the Session recorder?

 

I don't want to FORCE the use of Cookies.

 

Sorry, use your topic, but I'm trying for hours find a answer without success, and U may have the answer.

Link to comment
Share on other sites

Many Thnaks Vger.

 

I took your advice and it actually solved some more problems...

{though I still need to pass the session id from the flash module}

 

:D

Yuval.

Link to comment
Share on other sites

well, "force cookies" should be read as "I only want session id's stored in cookies and never in my url's". Because that is what it comes down to.

 

osc handles this as follows:

 

on 1st page load :

 

Generate session id and try to set a cookie with that in it.

 

if NOT forcing cookies {

  also add the session id to all urls on the page just incase the cookie cannot be set so we do not lose the session.

} else {

  nothing because we demand that the cookie is used

}

 

on 2nd page load:

 

Read the cookie

 

if cookie is found {

  if NOT forcing cookies {

    no longer add session id to url

  } else {

    nothing as this is what we demand and expect

  }

} else {  (cookie settings wrong or domain change or cookie not accepted)

  if NOT forcing cookies {

    continue to add the session id to the url's

  } else {

    the session id is lost so present the user with the cookie usage page when adding to the cart or logging in. By the way, what osc does not mention, ALL session variable functionality ceases to function, like language, currency settings, etc.

  } 

}

 

so you see, when forcing cookies you will NEVER see a session id in the url but when it goes wrong, cookie-wise, it goes very wrong.

 

 

Thanks for the info boxtel,

It looks that I'm not going to Force Cookies after all... :-)

 

yuval.

Link to comment
Share on other sites

Thanks for the info boxtel,

It looks that I'm not going to Force Cookies after all...  :-)

 

yuval.

 

well, it does have its merits as you have no issues with session id's on links so you can eliminate the entire spiders.txt functionality.

 

The only drawback I have with it is that session variables do not work when the cookie does not get set.

 

That means that all my functionality like language, currency, resolution and font-size changes as well as history information don't work in that event. And it does so without warning of cookies until the user does an "action" command which triggers the "cookie usage" message. And you cannot simply make the cookie warning show up in any case because then the spiders would get that cookie usage warning on all pages they visit which would require the re-installment of the spiders.txt functionality.

 

so if you do not have a multi-language, multi-currency website and do not rely on additional session based variables, forcing cookies is a pretty good strategy (as long as your cookie settings are correct ofcourse).

Treasurer MFC

Link to comment
Share on other sites

  • 1 year later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...