Guest
Posted May 22, 2007

> Hi there,
>
> I've installed Session Regeneration on my Test site but not sure if working because there are no SIDs visible after log_in. The SIDs are never visible in Firefox browser, and only visible for one click in IE6 upon entering site. Is this normal? The SIDs behaved this way before the mod was installed.
>
> OSC 2.2 MS2 060817 (minus general.php buggy fix for country id)
> PHP 4.4.4
> SSL enabled (dedicated as far as I know as site moved when SSL installed)
> recreate sessions = True
> Force cookie = False
> MODS installed from memory: Spider Session Remover, Header Tags Controller, Active Countries (Fab - thanks Enigma!), Anti-Robot Registration, Paypal IPN
>
> I haven't installed Register Globals contribution so assume I don't have it and think I installed your mod correctly.
>
> My questions:
> 1) is that normal SID behaviour? (to disappear after one click - sounds similar to what Becki posted?)
> 2) how will I know if the SID are being replaced if I can't see them?
> 3) please can you explain the correct way to use tep_href_link with a text link to categories on the home page so I don't lose sessions - I searched a whole day and can't find something that doesn't cause an unexpected T String (sorry if asking in wrong place!).
>
> Hope that makes sense, any pointers appreciated.
>
> Tiger

Can you post a link to the login page of your page so I can see it?

Guest
Posted May 22, 2007

> My questions:
> 1) is that normal SID behaviour? (to disappear after one click - sounds similar to what Becki posted?)
> 2) how will I know if the SID are being replaced if I can't see them?
> 3) please can you explain the correct way to use tep_href_link with a text link to categories on the home page so I don't lose sessions - I searched a whole day and can't find something that doesn't cause an unexpected T String (sorry if asking in wrong place!).
>
> Hope that makes sense, any pointers appreciated.
>
> Tiger

Well I just checked. It is working as expected. You may have your browser's privacy settings to allow cookies from your store so you won't see the session appended always to the url (is wrapped with the cookie). But you can change the browser settings to block all cookies so you can see the session changing during login.

tigergirl
Posted May 22, 2007

> Well I just checked. It is working as expected. You may have your browser's privacy settings to allow cookies from your store so you won't see the session appended always to the url (is wrapped with the cookie). But you can change the browser settings to block all cookies so you can see the session changing during login.

Thanks for looking Enigma. I feel real dumb not knowing about the cookies in the browser, doh! I can see it switching SIDs now.

I see a problem - if I am logged in with items in the cart, log out, add some items to cart and log in, there are no saved cart items, only the ones just added. If I am logged in with cart items and log out, log-in, the cart items are there. Shouldn't the items be saved in the cart? Why does adding items and logging in override the saved cart?

Thanks
Tiger

I'm feeling lucky today......maybe someone will answer my post!
I do try and answer a simple post when I can just to give something back.
------------------------------------------------
PM me? - I'm not for hire

Guest
Posted May 22, 2007

> Thanks for looking Enigma. I feel real dumb not knowing about the cookies in the browser, doh! I can see it switching SIDs now.
>
> I see a problem - if I am logged in with items in the cart, log out, add some items to cart and log in, there are no saved cart items, only the ones just added. If I am logged in with cart items and log out, log-in, the cart items are there. Shouldn't the items be saved in the cart? Why does adding items and logging in override the saved cart?
>
> Thanks
> Tiger

You only have one item in your store. So I am not sure how you're testing this. Items will be merged (so do not expect to see a quantity update) but this has nothing to do with session regeneration. I tested the contribution with the stock osc. I do not see the problem you're describing even with multiple items and your store has one item so I cannot see if it's happening there.

tigergirl
Posted May 22, 2007

> You only have one item in your store. So I am not sure how you're testing this. Items will be merged (so do not expect to see a quantity update) but this has nothing to do with session regeneration. I tested the contribution with the stock osc. I do not see the problem you're describing even with multiple items and your store has one item so I cannot see if it's happening there.

thanks again for taking time to help. I added some more test products and did a few tests. It's the quantities that are re-setting to the most recent cart contents when you log-in, but perhaps that happened before this mod? It's normal?

> Items will be merged (so do not expect to see a quantity update)

If I added a different item to cart and logged in the previous cart was saved and the new item added. Ok, well the cart update thing is not major and maybe normal behaviour, better to have new SIDs to prevent customer problems from SE listing SIDs.

Are you able to help with this point:

> please can you explain the correct way to use tep_href_link with a text link to categories on the home page so I don't lose sessions - I searched a whole day and can't find something that doesn't cause an unexpected T String (sorry if asking in wrong place!).

Just that it was mentioned here earlier...

Very kind of you to take so much time on this.

Tiger

Guest
Posted May 22, 2007

> thanks again for taking time to help. I added some more test products and did a few tests. It's the quantities that are re-setting to the most recent cart contents when you log-in, but perhaps that happened before this mod? It's normal?

As far as I am aware that's the default behavior
http://demo.oscommerce.com

> Are you able to help with this point:
> please can you explain the correct way to use tep_href_link with a text link to categories on the home page so I don't lose sessions - I searched a whole day and can't find something that doesn't cause an unexpected T String (sorry if asking in wrong place!).
>
> Just that it was mentioned here earlier...

better if you post your tep_href_link code in the general support forum, so someone can help. For this thread I will not respond to issues that aren't session regeneration related.

tigergirl
Posted May 22, 2007

> As far as I am aware that's the default behavior
> http://demo.oscommerce.com
>
> better if you post your tep_href_link code in the general support forum, so someone can help. For this thread I will not respond to issues that aren't session regeneration related.

no problem, I'll create a separate post for the tep_href_link.

Anyways, thanks for your help and for the contribution. No doubt see you around another time.

Cheers
Tiger

Seren2
Posted June 5, 2007

I need some clarification about the install documentation...

The install doc says, "If you do not have register globals installed function tep_session_regenerate..."

It is unclear which page we should search and which page this should be installed in. It could be \catalog\includes\classes\navigation_history.php but I was wondering if it should go in \catalog\includes\functions\html_output.php

Problem solving is a lifestyle, not an isolated activity.

Guest
Posted June 5, 2007

> I need some clarification about the install documentation...
>
> The install doc says, "If you do not have register globals installed function tep_session_regenerate..."
>
> It is unclear which page we should search and which page this should be installed in. It could be \catalog\includes\classes\navigation_history.php but I was wondering if it should go in \catalog\includes\functions\html_output.php

there are only 2 files altered in this contribution and a new function is added. That function is in the same file

1. Modify catalog\includes\functions\sessions.php

1.1 Locate the following code:

function tep_session_recreate() {

Add just before it:

webarton
Posted December 21, 2007

Hello,

I've been wondering how I can avoid session hijacking and I found this contribution. I'd like to try it but I'm not sure if that's enough against session hijacking.

I also set 'true' in 'Check SSL Session ID', 'Prevent Spider Sessions' and 'Recreate Sessions' in my admin page.

I heard I should set as

session.referer_check = "www.test.com"

in php.ini but I can't edit php.ini because my web space is in a shared server. And I also tried to edit .htaccess as

php_value session.referer_check = "www.test.com"

but once I upload the .htaccess file, 'internal server error' occurs.

Unfortunately I'm not good at these things but I'd like to make a safe shopping site. Should I do anything more against session hijacking?

Thanks

osCommerce 2.2-MS2.
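
An added example, not code from the Session Regeneration contribution or from any poster in this thread: session ID regeneration at login with session settings applied at runtime, which relates to the earlier question of how to confirm that the SID is replaced when it is not visible in the URL, and to the post above about a host where php.ini cannot be edited. It assumes a current PHP release served over HTTPS; the function names, the sample cart and the customer id are hypothetical.

```php
<?php
// Added example, not the contribution's code. Assumes a current PHP release
// (the thread's PHP 4.4.4 lacks some of these settings) and an HTTPS store.

// Session settings applied at runtime, for hosts where php.ini is off limits.
// Must run before session_start() and before any output is sent.
function harden_session_settings(string $storeHost): void
{
    ini_set('session.use_only_cookies', '1');  // never accept a SID from the URL
    ini_set('session.use_trans_sid', '0');     // never append the SID to links
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    ini_set('session.cookie_httponly', '1');   // hide the cookie from page scripts
    ini_set('session.cookie_secure', '1');     // send the cookie over HTTPS only
    ini_set('session.referer_check', $storeHost); // the setting named in the post
}

// Called once the password has been verified. Swaps the pre-login session ID
// for a fresh one, keeps the session data (the cart), and returns both IDs so
// the change can be confirmed without looking at the URL.
function login_and_regenerate(int $customerId): array
{
    $oldId = session_id();
    if (!session_regenerate_id(true)) {        // true: delete the old session data
        throw new RuntimeException('session ID could not be regenerated');
    }
    $_SESSION['customer_id'] = $customerId;
    return ['old' => $oldId, 'new' => session_id()];
}

harden_session_settings('www.test.com');        // host name as written in the post
session_start();
$_SESSION['cart'] = ['constructed-sku-1' => 2]; // constructed sample cart

$ids = login_and_regenerate(42);                // 42: constructed customer id

// Log short fingerprints rather than the session IDs themselves.
error_log(sprintf(
    'login: sid %s -> %s, changed=%s, cart kept=%s',
    substr(hash('sha256', $ids['old']), 0, 8),
    substr(hash('sha256', $ids['new']), 0, 8),
    $ids['old'] !== $ids['new'] ? 'yes' : 'no',
    isset($_SESSION['cart']) ? 'yes' : 'no'
));
```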