Guest Posted July 10, 2006 Share Posted July 10, 2006 ok perhaps there is another place where the seo module records the connection type. If we go back to the previous step can you try the other code for the images? Does it solve the secure non-secure inconsistencies? Quote Link to comment Share on other sites More sharing options...
martin000 Posted July 13, 2006 Share Posted July 13, 2006 Dear Enigma, I have been using your contrib for some time and it works great. However, I'll be switching to another host with register globals ON. Therefore, I will be removing the register globals contribution. My Qn is, will your session recreation contribution still work if i uninstall the register globals contrib? Thanks a lot. Regards martin Quote Link to comment Share on other sites More sharing options...
Guest Posted July 13, 2006 Share Posted July 13, 2006 Dear Enigma, I have been using your contrib for some time and it works great. However, I'll be switching to another host with register globals ON. Therefore, I will be removing the register globals contribution. My Qn is, will your session recreation contribution still work if i uninstall the register globals contrib? Thanks a lot. Regards martin You do not have to change a bunch of files and uninstall the register globals contribution just because your host has them on. Instead you could change the .htaccess file in the root of your domain by adding this to it. php_flag register_globals 0 then all files you currently have should work. Basically you disable register globals for your domain with that switch. Quote Link to comment Share on other sites More sharing options...
martin000 Posted July 14, 2006 Share Posted July 14, 2006 You do not have to change a bunch of files and uninstall the register globals contribution just because your host has them on. Instead you could change the .htaccess file in the root of your domain by adding this to it. php_flag register_globals 0 then all files you currently have should work. Basically you disable register globals for your domain with that switch. Dear Enigma! Ha. That was what I read in quite a few forums. I'm not very good at such things and I went to speak with the Startlogic people just to be sure. I asked them if there was a way to turn off register globals just for my domain and they told me to get the Virtual Hosting instead. Are they bluffing me?? I think they want to earn more bucks from me. Ha! Regards martin Quote Link to comment Share on other sites More sharing options...
Guest Posted July 14, 2006 Share Posted July 14, 2006 worth trying even for a shared environment. Should be a simple change in .htaccess if you're with an apache server. Also some hosts have forums where people can ask technical questions If your host has one check there too see what the others say. Quote Link to comment Share on other sites More sharing options...
martin000 Posted July 15, 2006 Share Posted July 15, 2006 Dear Enigma, Thanks for replying. My current host offered me a discount so Im staying on with them. So i need not bother with the register globals thingy anymore. Yippie. But I have a more serious problem. They shifted me to another server so I happily reinstalled my package. But, when I tried to create an account in my store for testing purposes, I get the following error. Perhaps you can point me in the correct direction. I did not change anything. I have tried many ways and I do not know whats wrong. Please hint? Thanks! The PHP version is 4.4.2 I'm on shared SSL. Session Recreate Set to On Forced Cookie Set to Off Warning: session_regenerate_id(): Cannot send session cookie - headers already sent by (output started at /home/name/public_html/store/includes/languages/english/create_account.php:55) in /home/name/public_html/store/includes/functions/sessions.php on line 241 Warning: Cannot modify header information - headers already sent by (output started at /home/name/public_html/store/includes/languages/english/create_account.php:55) in /home/name/public_html/store/includes/functions/general.php on line 44 Thanks dude. martin Quote Link to comment Share on other sites More sharing options...
martin000 Posted July 15, 2006 Share Posted July 15, 2006 (edited) My sessions.php for the lines around 241 are as follows. 240 } 241 session_regenerate_id(); 242 // set SID once, even if empty 243 $SID = (defined('SID') ? SID : ''); Edited July 15, 2006 by martin000 Quote Link to comment Share on other sites More sharing options...
Guest Posted July 15, 2006 Share Posted July 15, 2006 Yes check this the osc common problems page first http://www.oscommerce.info/kb/osCommerce/G...mon_Problems/15 Quote Link to comment Share on other sites More sharing options...
martin000 Posted July 20, 2006 Share Posted July 20, 2006 Yes check this the osc common problems page firsthttp://www.oscommerce.info/kb/osCommerce/G...mon_Problems/15 Dear Enigma, THKS! martin Quote Link to comment Share on other sites More sharing options...
Foxtel Posted August 7, 2006 Share Posted August 7, 2006 Enigna1, In function tep_session_regenerate() there is a call to this function session_regenerate_id(); Where is this function definition? I have oscommerce as a project on my debugger and did a search for session_regenerate_id()and could not find a definition for this function. Is this function needed? -Marizka Quote Link to comment Share on other sites More sharing options...
boxtel Posted August 7, 2006 Share Posted August 7, 2006 Enigna1, In function tep_session_regenerate() there is a call to this function session_regenerate_id(); Where is this function definition? I have oscommerce as a project on my debugger and did a search for session_regenerate_id()and could not find a definition for this function. Is this function needed? -Marizka it is a php internal function which regenerates the session id. http://tw.php.net/manual/en/function.sessi...generate-id.php Quote Treasurer MFC Link to comment Share on other sites More sharing options...
matrix2223 Posted September 3, 2006 Share Posted September 3, 2006 Hello all, I have read numerous posts and topics related to this issue. With mixed ideas on how to go about fixing this problem. It would be great if this issue would be sovled by the osC team as an update so store owners would have to worry about this. In my stores I do have an updated spiders.txt, robots.txt, and in the admin panel I have force cookies>true, prevent spider sessions>true, and still I have pages indexed with the osCsids #'s. One would think that this wouldn't have happend but somewhere within the code its letting the SEs go where they want to. Anyway I would like to be able to rid the SEs of getting this and forcing them to get rid of the already indexed pages with osCsids attached if at all possible. I have empliment some code that boxtel had given to me back in July that keeps them from getting the id number but after months there is still a few pages that still are listed within the SEs. The post can be found here: http://www.oscommerce.com/forums/index.php?sho...&st=0 My question is what is one to do about getting the SEs not getting the id numbers and forcing them to get rid of the already indexed pages with the id numbers? Thank you, Eric Quote Eric Keep up on osCommerce changes and updates at Github | Understand osCommerce a little further at OsCommerce Documentation | Copy and paste your error message in Google add "in osCommerce" at the end to get relevant answers to most issues. Link to comment Share on other sites More sharing options...
boxtel Posted September 3, 2006 Share Posted September 3, 2006 Hello all, I have read numerous posts and topics related to this issue. With mixed ideas on how to go about fixing this problem. It would be great if this issue would be sovled by the osC team as an update so store owners would have to worry about this. In my stores I do have an updated spiders.txt, robots.txt, and in the admin panel I have force cookies>true, prevent spider sessions>true, and still I have pages indexed with the osCsids #'s. One would think that this wouldn't have happend but somewhere within the code its letting the SEs go where they want to. Anyway I would like to be able to rid the SEs of getting this and forcing them to get rid of the already indexed pages with osCsids attached if at all possible. I have empliment some code that boxtel had given to me back in July that keeps them from getting the id number but after months there is still a few pages that still are listed within the SEs. The post can be found here: http://www.oscommerce.com/forums/index.php?sho...&st=0 My question is what is one to do about getting the SEs not getting the id numbers and forcing them to get rid of the already indexed pages with the id numbers? Thank you, Eric if you force cookies, your spiders.txt file as well as "prevent spider session" are irrelevant and not even executed as no-one will ever see a session id in the url. Not spiders and not users, regardless of cookies being accepted or not. So these links you speak of are old indexed links. Quote Treasurer MFC Link to comment Share on other sites More sharing options...
silkymakeup Posted October 9, 2006 Share Posted October 9, 2006 Has anyone found an answer to this problem? i have everything set as everyone says, ive searched all the forums and have compared my sessions config, cache config, the mysql at the last line of my configure.php file and it is all right, yet today i got 4 customers telling me they got someone elses order confirmations. someone is posting my link on web forums with the oscid at the end, but why is this not recreating a session even though my admin DOES HAVE IT marked to recreate sessions? Quote Link to comment Share on other sites More sharing options...
jskrovan Posted October 18, 2006 Share Posted October 18, 2006 I think that the SID should inlcude a 6 digit date code. Then any SIDs that are more than 2 days old could be discarded as invalid. Old SIDs without this date code would also be considered out of date. Then if your site gets linked with a SID in the URL, it can only hurt you for two days before the SID becomes invalid. Quote Link to comment Share on other sites More sharing options...
gregNwt Posted February 15, 2007 Share Posted February 15, 2007 Hi All, I tried this contrib and it was looking good, untill I found it had broken the way another contribution works. I am using SPPC (seperate pricing per customer) and after enabling the session regeneration code the SPPC contrib stopped working. Can anyone point to how I may get the 2 to work together ...? Quote Link to comment Share on other sites More sharing options...
Guest Posted March 14, 2007 Share Posted March 14, 2007 I think that the SID should inlcude a 6 digit date code. Then any SIDs that are more than 2 days old could be discarded as invalid. Old SIDs without this date code would also be considered out of date. Then if your site gets linked with a SID in the URL, it can only hurt you for two days before the SID becomes invalid. no it shouldn't. You need some garbage collector thing to cleanup sessions. And you don't want to make the sid specific. Quote Link to comment Share on other sites More sharing options...
Becki Posted May 9, 2007 Share Posted May 9, 2007 no it shouldn't. You need some garbage collector thing to cleanup sessions. And you don't want to make the sid specific. hi, I installed this contribution and all works fine. I have noticed that if you come directly to the home page and click first time on login, enter the details etc and login it takes you back to the home page and says welcome guest - not logged in! I have ULTIMATE SEO URL's installed but when I turn 'recreate sessions' off I can log in first time (the way stated above). It seems with it on you need to click a couple of links to get rid of the osCid in the url (an seo thing presumably?) and then try logging in and it works. Like I say though it does allow you to log in when 'recreate sessions' is off. Any ideas? Thanks Becki Quote Link to comment Share on other sites More sharing options...
Guest Posted May 9, 2007 Share Posted May 9, 2007 hi, I installed this contribution and all works fine. I have noticed that if you come directly to the home page and click first time on login, enter the details etc and login it takes you back to the home page and says welcome guest - not logged in! I have ULTIMATE SEO URL's installed but when I turn 'recreate sessions' off I can log in first time (the way stated above). It seems with it on you need to click a couple of links to get rid of the osCid in the url (an seo thing presumably?) and then try logging in and it works. Like I say though it does allow you to log in when 'recreate sessions' is off. Any ideas? Thanks Becki I don't think the utlimate seo urls has anything to do with it. Do you have something else in place that perhaps does not allow the session to be created? I remember a module that was not creating sessions till a customer added an item to his cart or something and you should not use anything like this. And you need recreate sessions to on for the regeneration to work. Quote Link to comment Share on other sites More sharing options...
Becki Posted May 9, 2007 Share Posted May 9, 2007 I don't think the utlimate seo urls has anything to do with it. Do you have something else in place that perhaps does not allow the session to be created? I remember a module that was not creating sessions till a customer added an item to his cart or something and you should not use anything like this. And you need recreate sessions to on for the regeneration to work. There is a osCid in the URL when you first enter the site, after a couple of clicks the osCid doesn't show - I remmeber this was a SEO URL thing. So i presume this means sessions are being created straight away. It seems you have to follow a couple of links until the osCid doesn't show in the URL then you can log on as normal. Although when you turn 'recreate sessions' off you can log in first time with the osCID still appended in the URL. Seems to me like it was a 'recreate sessions' combined with Ultimate SEO URL's conflict perhaps? Thanks Becki Quote Link to comment Share on other sites More sharing options...
Guest Posted May 9, 2007 Share Posted May 9, 2007 (edited) There is a osCid in the URL when you first enter the site, after a couple of clicks the osCid doesn't show - I remmeber this was a SEO URL thing. So i presume this means sessions are being created straight away. It seems you have to follow a couple of links until the osCid doesn't show in the URL then you can log on as normal. Although when you turn 'recreate sessions' off you can log in first time with the osCID still appended in the URL. Seems to me like it was a 'recreate sessions' combined with Ultimate SEO URL's conflict perhaps? Thanks Becki No, I tested it here. Recreate session ON Session Regeneration v1.00 installed Ultimate SEO URLs 2.1d installed php5.x, mysql5.x Opened the browser placed a link straight to the login page. Entered password/username went in with different session id in the url and logged in successfully. You must have something else that causes this. Edited May 9, 2007 by enigma1 Quote Link to comment Share on other sites More sharing options...
Becki Posted May 9, 2007 Share Posted May 9, 2007 No, I tested it here. Recreate session ON Session Regeneration v1.00 installed Ultimate SEO URLs 2.1d installed php5.x, mysql5.x Opened the browser placed a link straight to the login page. Entered password/username went in with different session id in the url and logged in successfully. You must have something else that causes this. OK, have you got any pointers?! I have just turned my cookies off on IE and with 'recreate sessions' ON I cannot log in at all. If I turn 'recreate sessions' OFF I can log in both with cookies enabled and disabled. With 'recreate' ON I can only log in with cookies enabled and then only after a couple of links later which seems to tally up with removing the osCid from the URL - which it does when the cookie is setup on the browsing computer doesn't it? Thanks for any help Becki Quote Link to comment Share on other sites More sharing options...
Guest Posted May 9, 2007 Share Posted May 9, 2007 (edited) OK, have you got any pointers?! I have just turned my cookies off on IE and with 'recreate sessions' ON I cannot log in at all. If I turn 'recreate sessions' OFF I can log in both with cookies enabled and disabled. With 'recreate' ON I can only log in with cookies enabled and then only after a couple of links later which seems to tally up with removing the osCid from the URL - which it does when the cookie is setup on the browsing computer doesn't it? Thanks for any help Becki you must have something else then that tries to supress the session or tries to re-use the old session. But it's not part of the stock osc or the ultimate seo urls so I don't know. PS: reading that So I had another of Chemo's code contribs installed to remove the osCid from the url's that were already stored in the SE, when the spiders follow those links the code strips it off and returns a 301 header. can you take that part out and test it? Edited May 9, 2007 by enigma1 Quote Link to comment Share on other sites More sharing options...
Becki Posted May 10, 2007 Share Posted May 10, 2007 you must have something else then that tries to supress the session or tries to re-use the old session. But it's not part of the stock osc or the ultimate seo urls so I don't know. PS: reading that can you take that part out and test it? I'll give it ago :) Becki Quote Link to comment Share on other sites More sharing options...
tigergirl Posted May 22, 2007 Share Posted May 22, 2007 Hi there, I've installed Session Regeneration on my Test site but not sure if working because there are no SIDs visible after log_in. The SIDs are never visible in Firefox browser, and only visible for one click in IE6 upon entering site. Is this normal? The SIDs behaved this way before the mod was installed. OSC 2.2 MS2 060817 (minus general.php buggy fix for country id) PHP 4.4.4 SSL enabled (dedicated as far as I know as site moved when SSL installed) recreate sessions = True Force cookie = False MODS installed from memory: Spider Session Remover, Header Tags Controller, Active Countries (Fab - thanks Enigma!), Anti-Robot Registration, Paypal IPN I haven't insalled Regisetr Globals contribution so assume I don't have it and think I installed your mod correctly. My questions: 1) is that normal SID behaviour? (to disappear after one click - sounds similar to what Becki posted?) 2) how will I know if the SID are being replaced if I can't see them? 3) please can you explain the correct way to use tep_href_link with a text link to categories on the home page so I don't loose sessions - I searched a whole day and can't find something that doesn't cause an unexpected T String (sorry if asking in wrong place!). Hope that makes sense, any pointers appreciated. Tiger Quote I'm feeling lucky today......maybe someone will answer my post! I do try and answer a simple post when I can just to give something back. ------------------------------------------------ PM me? - I'm not for hire Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.