Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

[Contribution] Session Regeneration


Guest
 Share

Recommended Posts

Hi there,

I've installed Session Regeneration on my Test site but not sure if working because there are no SIDs visible after log_in. The SIDs are never visible in Firefox browser, and only visible for one click in IE6 upon entering site. Is this normal? The SIDs behaved this way before the mod was installed.

 

OSC 2.2 MS2 060817 (minus general.php buggy fix for country id)

PHP 4.4.4

SSL enabled (dedicated as far as I know as site moved when SSL installed)

recreate sessions = True

Force cookie = False

MODS installed from memory: Spider Session Remover, Header Tags Controller, Active Countries (Fab - thanks Enigma!), Anti-Robot Registration, Paypal IPN

I haven't insalled Regisetr Globals contribution so assume I don't have it and think I installed your mod correctly.

 

My questions:

1) is that normal SID behaviour? (to disappear after one click - sounds similar to what Becki posted?)

2) how will I know if the SID are being replaced if I can't see them?

3) please can you explain the correct way to use tep_href_link with a text link to categories on the home page so I don't loose sessions - I searched a whole day and can't find something that doesn't cause an unexpected T String (sorry if asking in wrong place!).

 

Hope that makes sense, any pointers appreciated.

 

Tiger

 

Can you post a link to the login page of your page so I can see it?

Link to comment
Share on other sites

  • Replies 84
  • Created
  • Last Reply

Top Posters In This Topic

My questions:

1) is that normal SID behaviour? (to disappear after one click - sounds similar to what Becki posted?)

2) how will I know if the SID are being replaced if I can't see them?

3) please can you explain the correct way to use tep_href_link with a text link to categories on the home page so I don't loose sessions - I searched a whole day and can't find something that doesn't cause an unexpected T String (sorry if asking in wrong place!).

 

Hope that makes sense, any pointers appreciated.

 

Tiger

 

Well I just checked. It is working as expected. You may have your browser's privacy settings to allow cookies from your store so you won't see the session appended always to the url (is wrapped with the cookie). But you can change the browser settings to block all cookies so you can see the session changing during login

Link to comment
Share on other sites

Well I just checked. It is working as expected. You may have your browser's privacy settings to allow cookies from your store so you won't see the session appended always to the url (is wrapped with the cookie). But you can change the browser settings to block all cookies so you can see the session changing during login

 

Thanks for looking Enigma. I feel real dumb not knowing about the cookies in the browser, doh! I can see it switching SIDs now.

 

I see a problem - if I am logged in with items in the cart, log out, add some items to cart and log in, there are no saved cart items, only the ones just added.

If I am logged in with cart items and log out, log-in, the cart items are there.

 

Shouldn't the items be saved in the cart? Why does adding items and logging in overide the saved cart?

 

Thanks

Tiger

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

Thanks for looking Enigma. I feel real dumb not knowing about the cookies in the browser, doh! I can see it switching SIDs now.

 

I see a problem - if I am logged in with items in the cart, log out, add some items to cart and log in, there are no saved cart items, only the ones just added.

If I am logged in with cart items and log out, log-in, the cart items are there.

 

Shouldn't the items be saved in the cart? Why does adding items and logging in overide the saved cart?

 

Thanks

Tiger

You only have one item in your store. So I am not sure how you're testing this. Items will be merged (so do not expect to see a quantity update) but this has nothing to do with session regeneration. I tested the contribution with the stock osc. I do not see the problem you're describing even with multiple items and your store has one item so I cannot see if it's happening there.

Link to comment
Share on other sites

You only have one item in your store. So I am not sure how you're testing this. Items will be merged (so do not expect to see a quantity update) but this has nothing to do with session regeneration. I tested the contribution with the stock osc. I do not see the problem you're describing even with multiple items and your store has one item so I cannot see if it's happening there.

 

thanks again for taking time to help. I added some more test producst and did a few tests. It's the quantities that are re-setting to the most recent cart contents when you log-in, but perhaps that happened before this mod? It's normal?

Items will be merged (so do not expect to see a quantity update)
If I added a different item to cart and logged in the previous cart was saved and the new item added.

 

Ok, well the cart update thing is not major and maybe normal behaviour, better to have new SIDs to prevent customer problems from SE listing SIDs.

 

Are you able to help with this point:

please can you explain the correct way to use tep_href_link with a text link to categories on the home page so I don't loose sessions - I searched a whole day and can't find something that doesn't cause an unexpected T String (sorry if asking in wrong place!). Jjust that it was mentioned here earlier...

 

Very kind of you to take so much time on this.

 

Tiger

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

thanks again for taking time to help. I added some more test producst and did a few tests. It's the quantities that are re-setting to the most recent cart contents when you log-in, but perhaps that happened before this mod? It's normal?

As far I am aware that's the default behavior

http://demo.oscommerce.com

 

Are you able to help with this point:

please can you explain the correct way to use tep_href_link with a text link to categories on the home page so I don't loose sessions - I searched a whole day and can't find something that doesn't cause an unexpected T String (sorry if asking in wrong place!). Jjust that it was mentioned here earlier...

better if you post your tep_href_link code in the general support forum, so someone can help. For this thread I will not respond to issues that aren't session regeneration related.

Link to comment
Share on other sites

As far I am aware that's the default behavior

http://demo.oscommerce.com

better if you post your tep_href_link code in the general support forum, so someone can help. For this thread I will not respond to issues that aren't session regeneration related.

 

no problem, I'll create a separate post for the tep_href_link.

 

Anyways, thanks for your help and for the contribution. No doubt see you around another time.

 

Cheers

Tiger

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

  • 2 weeks later...

I need some clarification about the install documentation...

 

The install doc says, "If you do not have register globals installed function tep_session_regenerate..." It is unclear which page we should search and which page this should be installed in.

 

It could be \catalog\includes\classes\navigation_history.php but I was wondering if it should go in \catalog\includes\functions\html_output.php

Problem solving is a lifestyle, not an isolated activity.

Link to comment
Share on other sites

I need some clarification about the install documentation...

 

The install doc says, "If you do not have register globals installed function tep_session_regenerate..." It is unclear which page we should search and which page this should be installed in.

 

It could be \catalog\includes\classes\navigation_history.php but I was wondering if it should go in \catalog\includes\functions\html_output.php

there are only 2 files altered in this contribution and a new function is added. That function is in the same file

 

1. Modify catalog\includes\functions\sessions.php

 

1.1 Locate the following code:

 

function tep_session_recreate() {

 

Add just before it:

Link to comment
Share on other sites

  • 6 months later...

Hello, I've been wondering how I can avoid session hijacking and I found this contribution.

I'd like to try it but I'm not sure if that's enough against session hijacking.

 

I also set 'true' in 'Check SSL Session ID' , 'Prevent Spider Sessions' and 'Recreate Sessions' in my admin page.

 

I heard I should set as

session.referer_check = "www.test.com"

in php.ini but I can't edit php.ini because my web space is in a shared server.

 

and I also tried to edit .htaccess as

php_value session.referer_check = "www.test.com"

but once I upload the .htaccess file. 'internal server error' occurs.

 

Unfortunately I'm not goot at these things but I'd like to make a safe shopping site.

Should I do anything more against session hijacking?

Thanks

 

osCommerce 2.2-MS2.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...