[Contribution] Session Regeneration

[Guest]

ok perhaps there is another place where the seo module records the connection type. If we go back to the previous step can you try the other code for the images? Does it solve the secure non-secure inconsistencies?

[martin000]

Dear Enigma,

 

I have been using your contrib for some time and it works great. However, I'll be switching to another host with register globals ON. Therefore, I will be removing the register globals contribution. My Qn is, will your session recreation contribution still work if i uninstall the register globals contrib? Thanks a lot.

 

Regards

martin

[Guest]

Dear Enigma,

 

I have been using your contrib for some time and it works great. However, I'll be switching to another host with register globals ON. Therefore, I will be removing the register globals contribution. My Qn is, will your session recreation contribution still work if i uninstall the register globals contrib? Thanks a lot.

 

Regards

martin

You do not have to change a bunch of files and uninstall the register globals contribution just because your host has them on. Instead you could change the .htaccess file in the root of your domain by adding this to it.

php_flag register_globals 0

then all files you currently have should work. Basically you disable register globals for your domain with that switch.

[martin000]

You do not have to change a bunch of files and uninstall the register globals contribution just because your host has them on. Instead you could change the .htaccess file in the root of your domain by adding this to it.

php_flag register_globals 0

then all files you currently have should work. Basically you disable register globals for your domain with that switch.

 

 

Dear Enigma!

 

Ha. That was what I read in quite a few forums. I'm not very good at such things and I went to speak with the Startlogic people just to be sure. I asked them if there was a way to turn off register globals just for my domain and they told me to get the Virtual Hosting instead. Are they bluffing me?? I think they want to earn more bucks from me. Ha!

 

Regards

martin

[Guest]

worth trying even for a shared environment. Should be a simple change in .htaccess if you're with an apache server. Also some hosts have forums where people can ask technical questions If your host has one check there too see what the others say.

[martin000]

Dear Enigma,

 

Thanks for replying. My current host offered me a discount so Im staying on with them. So i need not bother with the register globals thingy anymore. Yippie. But I have a more serious problem. They shifted me to another server so I happily reinstalled my package. But, when I tried to create an account in my store for testing purposes, I get the following error. Perhaps you can point me in the correct direction. I did not change anything. I have tried many ways and I do not know whats wrong. Please hint? Thanks!

The PHP version is 4.4.2

I'm on shared SSL.

Session Recreate Set to On

Forced Cookie Set to Off

 

 

Warning: session_regenerate_id(): Cannot send session cookie - headers already sent by (output started at /home/name/public_html/store/includes/languages/english/create_account.php:55) in /home/name/public_html/store/includes/functions/sessions.php on line 241

 

Warning: Cannot modify header information - headers already sent by (output started at /home/name/public_html/store/includes/languages/english/create_account.php:55) in /home/name/public_html/store/includes/functions/general.php on line 44

 

Thanks dude.

 

martin

[martin000]

My sessions.php for the lines around 241 are as follows.

 

240 }

241 session_regenerate_id();

242 // set SID once, even if empty

243 $SID = (defined('SID') ? SID : '');

Edited July 15, 2006 by martin000

[Guest]

Yes check this the osc common problems page first

http://www.oscommerce.info/kb/osCommerce/G...mon_Problems/15

[martin000]

Yes check this the osc common problems page first

http://www.oscommerce.info/kb/osCommerce/G...mon_Problems/15

 

 

Dear Enigma,

 

THKS!

 

martin

[Foxtel]

Enigna1,

 

In function tep_session_regenerate() there is a call to this function session_regenerate_id();

Where is this function definition?

I have oscommerce as a project on my debugger and did a search for session_regenerate_id()and could not find a definition for this function.

Is this function needed?

 

-Marizka

 

[boxtel]

Enigna1,

 

In function tep_session_regenerate() there is a call to this function session_regenerate_id();

Where is this function definition?

I have oscommerce as a project on my debugger and did a search for session_regenerate_id()and could not find a definition for this function.

Is this function needed?

 

-Marizka

 

 

it is a php internal function which regenerates the session id.

 

http://tw.php.net/manual/en/function.sessi...generate-id.php

[matrix2223]

Hello all,

 

I have read numerous posts and topics related to this issue. With mixed ideas on how to go about fixing this problem.

 

It would be great if this issue would be sovled by the osC team as an update so store owners would have to worry about this.

 

In my stores I do have an updated spiders.txt, robots.txt, and in the admin panel I have force cookies>true, prevent spider sessions>true, and still I have pages indexed with the osCsids #'s.

 

One would think that this wouldn't have happend but somewhere within the code its letting the SEs go where they want to.

 

Anyway I would like to be able to rid the SEs of getting this and forcing them to get rid of the already indexed pages with osCsids attached if at all possible. I have empliment some code that boxtel had given to me back in July that keeps them from getting the id number but after months there is still a few pages that still are listed within the SEs. The post can be found here: http://www.oscommerce.com/forums/index.php?sho...&st=0

 

My question is what is one to do about getting the SEs not getting the id numbers and forcing them to get rid of the already indexed pages with the id numbers?

 

Thank you,

Eric

[boxtel]

Hello all,

 

I have read numerous posts and topics related to this issue. With mixed ideas on how to go about fixing this problem.

 

It would be great if this issue would be sovled by the osC team as an update so store owners would have to worry about this.

 

In my stores I do have an updated spiders.txt, robots.txt, and in the admin panel I have force cookies>true, prevent spider sessions>true, and still I have pages indexed with the osCsids #'s.

 

One would think that this wouldn't have happend but somewhere within the code its letting the SEs go where they want to.

 

Anyway I would like to be able to rid the SEs of getting this and forcing them to get rid of the already indexed pages with osCsids attached if at all possible. I have empliment some code that boxtel had given to me back in July that keeps them from getting the id number but after months there is still a few pages that still are listed within the SEs. The post can be found here: http://www.oscommerce.com/forums/index.php?sho...&st=0

 

My question is what is one to do about getting the SEs not getting the id numbers and forcing them to get rid of the already indexed pages with the id numbers?

 

Thank you,

Eric

 

if you force cookies, your spiders.txt file as well as "prevent spider session" are irrelevant and not even executed as no-one will ever see a session id in the url. Not spiders and not users, regardless of cookies being accepted or not.

 

So these links you speak of are old indexed links.

[silkymakeup]

Has anyone found an answer to this problem? i have everything set as everyone says, ive searched all the forums and have compared my sessions config, cache config, the mysql at the last line of my configure.php file and it is all right, yet today i got 4 customers telling me they got someone elses order confirmations. someone is posting my link on web forums with the oscid at the end, but why is this not recreating a session even though my admin DOES HAVE IT marked to recreate sessions?

[jskrovan]

I think that the SID should inlcude a 6 digit date code. Then any SIDs that are more than 2 days old could be discarded as invalid. Old SIDs without this date code would also be considered out of date. Then if your site gets linked with a SID in the URL, it can only hurt you for two days before the SID becomes invalid.

[gregNwt]

Hi All,

 

I tried this contrib and it was looking good, untill I found it had broken the way another contribution works.

 

I am using SPPC (seperate pricing per customer) and after enabling the session regeneration code the SPPC contrib stopped working.

 

Can anyone point to how I may get the 2 to work together ...?

[Guest]

I think that the SID should inlcude a 6 digit date code. Then any SIDs that are more than 2 days old could be discarded as invalid. Old SIDs without this date code would also be considered out of date. Then if your site gets linked with a SID in the URL, it can only hurt you for two days before the SID becomes invalid.

no it shouldn't. You need some garbage collector thing to cleanup sessions. And you don't want to make the sid specific.

[Becki]

no it shouldn't. You need some garbage collector thing to cleanup sessions. And you don't want to make the sid specific.

 

hi,

 

I installed this contribution and all works fine.

 

I have noticed that if you come directly to the home page and click first time on login, enter the details etc and login it takes you back to the home page and says welcome guest - not logged in!

 

I have ULTIMATE SEO URL's installed but when I turn 'recreate sessions' off I can log in first time (the way stated above). It seems with it on you need to click a couple of links to get rid of the osCid in the url (an seo thing presumably?) and then try logging in and it works.

 

Like I say though it does allow you to log in when 'recreate sessions' is off.

 

Any ideas?

 

Thanks

Becki

[Guest]

hi,

 

I installed this contribution and all works fine.

 

I have noticed that if you come directly to the home page and click first time on login, enter the details etc and login it takes you back to the home page and says welcome guest - not logged in!

 

I have ULTIMATE SEO URL's installed but when I turn 'recreate sessions' off I can log in first time (the way stated above). It seems with it on you need to click a couple of links to get rid of the osCid in the url (an seo thing presumably?) and then try logging in and it works.

 

Like I say though it does allow you to log in when 'recreate sessions' is off.

 

Any ideas?

 

Thanks

Becki

 

I don't think the utlimate seo urls has anything to do with it. Do you have something else in place that perhaps does not allow the session to be created? I remember a module that was not creating sessions till a customer added an item to his cart or something and you should not use anything like this.

 

And you need recreate sessions to on for the regeneration to work.

[Becki]

I don't think the utlimate seo urls has anything to do with it. Do you have something else in place that perhaps does not allow the session to be created? I remember a module that was not creating sessions till a customer added an item to his cart or something and you should not use anything like this.

 

And you need recreate sessions to on for the regeneration to work.

 

There is a osCid in the URL when you first enter the site, after a couple of clicks the osCid doesn't show - I remmeber this was a SEO URL thing. So i presume this means sessions are being created straight away. It seems you have to follow a couple of links until the osCid doesn't show in the URL then you can log on as normal. Although when you turn 'recreate sessions' off you can log in first time with the osCID still appended in the URL. Seems to me like it was a 'recreate sessions' combined with Ultimate SEO URL's conflict perhaps?

 

Thanks

Becki

[Guest]

There is a osCid in the URL when you first enter the site, after a couple of clicks the osCid doesn't show - I remmeber this was a SEO URL thing. So i presume this means sessions are being created straight away. It seems you have to follow a couple of links until the osCid doesn't show in the URL then you can log on as normal. Although when you turn 'recreate sessions' off you can log in first time with the osCID still appended in the URL. Seems to me like it was a 'recreate sessions' combined with Ultimate SEO URL's conflict perhaps?

 

Thanks

Becki

No, I tested it here.

Recreate session ON

Session Regeneration v1.00 installed

Ultimate SEO URLs 2.1d installed

php5.x, mysql5.x

 

Opened the browser placed a link straight to the login page. Entered password/username went in with different session id in the url and logged in successfully.

 

You must have something else that causes this.

Edited May 9, 2007 by enigma1

[Becki]

No, I tested it here.

Recreate session ON

Session Regeneration v1.00 installed

Ultimate SEO URLs 2.1d installed

php5.x, mysql5.x

 

Opened the browser placed a link straight to the login page. Entered password/username went in with different session id in the url and logged in successfully.

 

You must have something else that causes this.

 

OK, have you got any pointers?!

 

I have just turned my cookies off on IE and with 'recreate sessions' ON I cannot log in at all. If I turn 'recreate sessions' OFF I can log in both with cookies enabled and disabled. With 'recreate' ON I can only log in with cookies enabled and then only after a couple of links later which seems to tally up with removing the osCid from the URL - which it does when the cookie is setup on the browsing computer doesn't it?

 

Thanks for any help

 

Becki

[Guest]

OK, have you got any pointers?!

 

I have just turned my cookies off on IE and with 'recreate sessions' ON I cannot log in at all. If I turn 'recreate sessions' OFF I can log in both with cookies enabled and disabled. With 'recreate' ON I can only log in with cookies enabled and then only after a couple of links later which seems to tally up with removing the osCid from the URL - which it does when the cookie is setup on the browsing computer doesn't it?

 

Thanks for any help

 

Becki

you must have something else then that tries to supress the session or tries to re-use the old session. But it's not part of the stock osc or the ultimate seo urls so I don't know.

 

PS: reading that

So I had another of Chemo's code contribs installed to remove the osCid from the url's that were already stored in the SE, when the spiders follow those links the code strips it off and returns a 301 header.

can you take that part out and test it?

Edited May 9, 2007 by enigma1

[Becki]

you must have something else then that tries to supress the session or tries to re-use the old session. But it's not part of the stock osc or the ultimate seo urls so I don't know.

 

PS: reading that

 

can you take that part out and test it?

 

I'll give it ago :)

 

 

Becki

[tigergirl]

Hi there,

I've installed Session Regeneration on my Test site but not sure if working because there are no SIDs visible after log_in. The SIDs are never visible in Firefox browser, and only visible for one click in IE6 upon entering site. Is this normal? The SIDs behaved this way before the mod was installed.

 

OSC 2.2 MS2 060817 (minus general.php buggy fix for country id)

PHP 4.4.4

SSL enabled (dedicated as far as I know as site moved when SSL installed)

recreate sessions = True

Force cookie = False

MODS installed from memory: Spider Session Remover, Header Tags Controller, Active Countries (Fab - thanks Enigma!), Anti-Robot Registration, Paypal IPN

I haven't insalled Regisetr Globals contribution so assume I don't have it and think I installed your mod correctly.

 

My questions:

1) is that normal SID behaviour? (to disappear after one click - sounds similar to what Becki posted?)

2) how will I know if the SID are being replaced if I can't see them?

3) please can you explain the correct way to use tep_href_link with a text link to categories on the home page so I don't loose sessions - I searched a whole day and can't find something that doesn't cause an unexpected T String (sorry if asking in wrong place!).

 

Hope that makes sense, any pointers appreciated.

 

Tiger