Mysterious items appearing in shopping cart

[ddp]

Here is what it happening. My /catalog folder is set as my homepage and on any given day items seem to appear in the shopping cart without being ordered.

A few days ago about 20 items appeared in the cart. At first I thought it was my assistant testing the site but when I asked her about it she said she had not added the items. I cleared the cart and then the next day a few more items appeared.

Now today an item appeared in the shopping cart that is listed as out of stock in the catalog. Since out of stock items do not appear on the site it seems to me like something is amiss.

 

This happens when I am not logged on to my account.

I am using Firefox.

 

Any help is appreciated.

[Guest]

Here is what it happening. My /catalog folder is set as my homepage and on any given day items seem to appear in the shopping cart without being ordered.

A few days ago about 20 items appeared in the cart. At first I thought it was my assistant testing the site but when I asked her about it she said she had not added the items. I cleared the cart and then the next day a few more items appeared.

Now today an item appeared in the shopping cart that is listed as out of stock in the catalog. Since out of stock items do not appear on the site it seems to me like something is amiss.

 

This happens when I am not logged on to my account.

I am using Firefox.

 

Any help is appreciated.

Michael,

 

Where do you store your sessions?

 

ed

[ddp]

Michael,

 

Where do you store your sessions?

 

ed

 

Ed

 

Thanks for replying.

 

My sessions are stored at:

define('STORE_SESSIONS', 'mysql'); in my catalog/includes/sonfigure.php file.

 

Funny thing though this problem does not seem to happen consistantly. Today for instance nothing weird in the cart.

 

Mike

[AlanR]

Is the session id always appearing in the address bar?

[ddp]

Is the session id always appearing in the address bar?

 

Yes

 

like:

http://www.deepdownproductions.com/store/n...06c379badb4e5c3

 

osCsid=6b90543cfb343764106c379badb4e5c3

[AlanR]

Yes

 

like:

http://www.deepdownproductions.com/store/n...06c379badb4e5c3

 

osCsid=6b90543cfb343764106c379badb4e5c3

Then you've most likely got a problem with the cookie domain settings in catalog/includes/configure.php

 

define('HTTP_COOKIE_DOMAIN', '');

define('HTTPS_COOKIE_DOMAIN', '');

 

and people are coming into the store with identical session ids, after following some link which includes the session id. Therefore osC thinks they're all the same customer.

 

those lines need to be like:

 

define('HTTP_COOKIE_DOMAIN', 'www.deepdownproductions.com');

define('HTTPS_COOKIE_DOMAIN', 'www.deepdownproductions.com');

 

with no http://

 

The session id should disappear from the address bar after just a few clicks (after the cookie is set).

[galto]

Is any of this documented anywhere? I know I have similar issues with sessions and I'm sure it's my configuration in configure.php. I've searched and search the forums for a good explanation of ALL the variables in configure.php and haven't found anything useful. I think I once found the actual documentation for configure.php but it didn't get into any details like the above.

 

My production store is working fine. The Session Id does not show up in the URL (at least not when I am at the site). But when I am in my test environment, the session id does show up. I have the same configure.php files with the exception that the domain names are different and the database is different - but that's it. The session settings in both are:

 

define('HTTP_COOKIE_DOMAIN', '');

define('HTTPS_COOKIE_DOMAIN', '');

 

So for starters, that scares me since my test environment is not behaving the same as my production environment (let's call my test environment my QA environment since that is where I put changes in right before putting them into production). But the other issue I have is that in my QA environment, I get the duplicate session id error on some pages:

 

 

1062 - Duplicate entry '1ae235248ec28fe987dcaf65f1a469ec' for key 1

 

I did just try making the suggestion change of:

 

define('HTTP_COOKIE_DOMAIN', 'www.deepdownproductions.com');

define('HTTPS_COOKIE_DOMAIN', 'www.deepdownproductions.com');

 

But the problem continued. Anyone have ideas/thoughts?

[AlanR]

It's been documented in thousands of posts here.

 

The site is definitely not setting cookies.

 

You'd better post your configure.php file (without the database details). Also check for an extra configure.php file in catalog/includes/local.

[galto]

It's been documented in thousands of posts here.

 

The site is definitely not setting cookies.

 

You'd better post your configure.php file (without the database details). Also check for an extra configure.php file in catalog/includes/local.

 

Thanks - I've been looking like crazy but haven't really found that documentation (searching +configure.php +documentation and other similar strings).

 

Here's my configure.php file. I do NOT have one in catalog/includes/local - it's empty. I guess after my original installation of OSC, I've been tweaking the configure.php file

 

define('HTTP_SERVER', 'http://www.mydomain.com/');

define('HTTPS_SERVER', 'https://www.mydomain.com/');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.mydomain.com/');

define('HTTPS_COOKIE_DOMAIN', 'www.mydomain.com/');

define('HTTP_COOKIE_PATH', '');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

 

define('DIR_FS_CATALOG', '/var/www/html/mydomain/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

 

In addition, I have the follow session values set in the admin/configuration/session area:

 

 

FORCE COOKIE USE = false

CHECK SSL SESSION_ID=true

CHECK USER AGENT=true

CHECK IP ADDRESS=false

PREVENT SPIDER SESSIONS=true

RECREATE SESSION =true

[AlanR]

I don't get it.

 

define('HTTP_COOKIE_PATH', '');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '');

define('DIR_WS_HTTPS_CATALOG', '');

 

Do people think these definitions are created just for fun?

 

They're the path to the location of the osC base location, where index.php is found.

 

So they can be:

 

If the store is in root...

 

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

 

If the store is in catalog...

 

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', ''/catalog/');

 

and so on...

[galto]

I don't get it.

 

define('HTTP_COOKIE_PATH', '');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '');

define('DIR_WS_HTTPS_CATALOG', '');

 

Do people think these definitions are created just for fun?

 

 

Well, I always like to keep a sense of humour about all this stuff so I enjoyed your comment "Do people think these definitions are created just for fun?"

 

But understand two things. First, you mention this stuff is documented but I have been unable to find it. And the effort to find it has been there. Second, my configure.php file was not something that I manually created but instead the result of running the webinstallation of OSC and then performing tweaks as needed (my production site has been up and running for 4 months now so I don't recall specifics of why I made these changes).

 

That said, the way I had it made somewhat sense and here's why.

 

My HTTP_SERVER definition is defined as follows: "define('HTTP_SERVER', 'http://www.mydomain.com/');"

 

Notice the last '/' at end of domain name! Since that '/' is there, there was no need to put in the '/' at the end of HTTP_COOKIE_PATH, etc.

 

So I tried your suggestion the first time and that's how I figured this out - my URLs ended up having two "//" after the domain name.

 

But I cleaned it up to have define('HTTP_SERVER', 'http://www.mydomain.com') and then added the '/' as you suggested for COOKIE_PATH, etc and it works good now. Scarey part is that is NOT how my production site is - guess I will have to try to change it tonight. When I use my production site, the session id does not show up on the URL. But when I examine my logs, I do notice that some customers do have the session_id on the URL (not sure if it's because they have cookies turned off or because of my configuration).

 

So where can I really get documentation on configure.php? These little things kill a site and I am trying to set this up the right way.

[ddp]

Then you've most likely got a problem with the cookie domain settings in catalog/includes/configure.php

 

define('HTTP_COOKIE_DOMAIN', '');

define('HTTPS_COOKIE_DOMAIN', '');

 

and people are coming into the store with identical session ids, after following some link which includes the session id. Therefore osC thinks they're all the same customer.

 

those lines need to be like:

 

define('HTTP_COOKIE_DOMAIN', 'www.deepdownproductions.com');

define('HTTPS_COOKIE_DOMAIN', 'www.deepdownproductions.com');

 

with no http://

 

The session id should disappear from the address bar after just a few clicks (after the cookie is set).

 

Alan

 

Thanks for your help. I fixed the url and now the session ids are dissappearing.

 

I think I figured out where the other users are picking up the session ids from. I had made some static pages that have session ids associated with them and people were picking up on those links.