Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

how to remove session id (oscsid) from url


mickeyren

Recommended Posts

I need to have this remove because user can share links to each other and thus create problems later on.

 

don't want to use the SID killers under the contributions because I want it removed completely.

 

thanks

Best Regards,

 

David Ang

Link to comment
Share on other sites

.....some of those contributions can really mess up your website. I just finished adding a sid killer and now I have ANOTHER empty add to cart issue............ I even uninstalled everything and I STILL have an EMPTY CART problem!

 

I think you have to force cookies, in answer to your question. Right?

This whole issue of SID and cookies is really a dog! I don't want to have to do a 4th fresh install.

Link to comment
Share on other sites

yes, when i used the contribution, i had the same problem with having an empty cart all the time.

 

any idea how do i "force the cookies". its worth a try. is there any other way? what if the cookies are disabled on the client's side.

 

thanks.

Best Regards,

 

David Ang

Link to comment
Share on other sites

Hi,

 

One thing you can do is in:

 

includes/configure.php

 

change:

 

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

to:

 

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

This will store the sessions in the database.

 

StrictlyPC

Link to comment
Share on other sites

I need to have this remove because user can share links to each other and thus create problems later on.

 

don't want to use the SID killers under the contributions because I want it removed completely.

 

thanks

 

SID killers are for spiders, not normal customers.

 

you need session id's to run your store so the only discussion can be as to where do you retain them. you have cookies and url's.

 

normally osc will always try to store them in a cookie but if that cookie cannot be set it will add the session id to the url. Unless you enable "force cookies" which basically means "I will not allow session id's in my url's ever".

 

so when cookies are set, there is where they are retained and no session id is added to the url (except when not enabling force on the first page because at that time we do not yet know if the cookie is set).

 

if you force cookies and the cookie cannot be set, no session is started and the user will get the "cookie usage page" when adding to the cart or logging in, etc. It also means that no session variables will work like languages, currencies, etc.

 

if you do not force cookies, the session id continues to be added to the url as that is the only place we can retain that key.

 

so the differences only really become apparent when the cookie cannot be set.

As such in that case, either accept the session in the url or accept that the user cannot buy.

Treasurer MFC

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...