Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Session Cookie set with wrong path


sky0

Recommended Posts

Hello,

 

ich have the following problem:

 

I have an old osC MS2.1 installed, and search engine friendly URLs turned on.

 

When you reach my store from a link or from google, and land directly on a product description page, the URL of this site will look like the following:

 

hxxp://www.myshop.com/product_info.php/cPath/21/products_id/201

 

I found out that a cookie with the oscsid with the following path information will be stored on the client machine:

 

/product_info.php/cPath/21/products_id/201

 

Of course this is rubbish! It should point directly to "/". Because when someone now clicks on "Buy now" on that page, the cookie will not be found on the shopping_cart.php (it is not valid for the root path), and a new cookie will be stored with a new session id. Cart is empty then of course, and the browser will have two different session cookies.

 

How do I force osC to generate cookies only with path "/" on the client machine?

 

Changing back to usual URLs is not an option, and the upgrade to 2.2 is to expensive for me.

 

I enterd the file /includes/classes/session.php and changed the setccookie statement there to:

setcookie($session->name, $session->id, $session->cookie_lifetime, '/', '.meinshop.de');

explicitly, but it has no effect.

 

Is there anybody out there to the rescue? I am screwed up.

 

Many thanks!

Link to comment
Share on other sites

Hello,

 

ich have the following problem:

 

I have an old osC MS2.1 installed, and search engine friendly URLs turned on.

 

When you reach my store from a link or from google, and land directly on a product description page, the URL of this site will look like the following:

 

hxxp://www.myshop.com/product_info.php/cPath/21/products_id/201

 

I found out that a cookie with the oscsid with the following path information will be stored on the client machine:

 

/product_info.php/cPath/21/products_id/201

 

Of course this is rubbish! It should point directly to "/". Because when someone now clicks on "Buy now" on that page, the cookie will not be found on the shopping_cart.php (it is not valid for the root path), and a new cookie will be stored with a new session id. Cart is empty then of course, and the browser will have two different session cookies.

 

How do I force osC to generate cookies only with path "/" on the client machine?

 

Changing back to usual URLs is not an option, and the upgrade to 2.2 is to expensive for me.

 

I enterd the file /includes/classes/session.php and changed the setccookie statement there to:

setcookie($session->name, $session->id, $session->cookie_lifetime, '/', '.meinshop.de');

explicitly, but it has no effect.

 

Is there anybody out there to the rescue? I am screwed up.

 

Many thanks!

 

suggest you look in includes/functions/sessions.php.

 

the class is only used if function session_start() does not exist in your system.

Treasurer MFC

Link to comment
Share on other sites

Thanks for the hint!

 

I assume that the class will not be used, because I have a relatively fresh php on my system.

 

Do you know where in the /functions/sessions.php the cookie will be set? And how to explicitly set a path in that cookie? I cannot find anything about cookies there, so I assume this will be done implicitly - right? Do you know a way to override that when storing the session ID?

 

Many thanks!

 

 

suggest you look in includes/functions/sessions.php.

 

the class is only used if function session_start() does not exist in your system.

Link to comment
Share on other sites

I found it myself! REALLY COOL! Many thanks!

 

I added a single statement to the tep_session_start in the functions/session.php, to set the cookie params:

 

 

function tep_session_start() {

session_set_cookie_params ( get_cfg_var('session.gc_maxlifetime'), '/', 'myshop.de');

return session_start();

}

 

And voila! It works as desired.

 

I am happy, this saved my sunday. Hope that somebody can use this too.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...