Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Forced Cookies and Shared SSL


madcrabber

Recommended Posts

Posted

After hours upon hours of trial-and-error on my configure.php, finally stumbled across an article discussing a known bug with shared SSL and forced cookies: Knowledge Base - Security and Privacy Proposal

 

Turned off "Force Cookie Use" and, just like that, everything started working. However, I'm now getting this rather lengthy "osCsid=xxx" code behind each page. Still fairly new to osC, so wondering - is this normal? Also, will turning off forced cookies cause any problems down the road? Are there any alternatives with shared SSL, or is my only option to purchase a dedicated SSL?

 

Thanks.

Posted
After hours upon hours of trial-and-error on my configure.php, finally stumbled across an article discussing a known bug with shared SSL and forced cookies: Knowledge Base - Security and Privacy Proposal

 

Turned off "Force Cookie Use" and, just like that, everything started working. However, I'm now getting this rather lengthy "osCsid=xxx" code behind each page. Still fairly new to osC, so wondering - is this normal? Also, will turning off forced cookies cause any problems down the road? Are there any alternatives with shared SSL, or is my only option to purchase a dedicated SSL?

 

Thanks.

 

That force cookies does not work with shared ssl is not really a bug , but because the domain name changes.

 

If you have the correct cookie setting in includes/configure.php , the osCsid=xxx is not a problem , it will disapear after the first 1-2 clicks around the site. Att. also set Remove Spider Session to "true" in your admin.

Posted
That force cookies does not work with shared ssl is not really a bug , but because the domain name changes.

 

If you have the correct cookie setting in includes/configure.php , the osCsid=xxx is not a problem , it will disapear after the first 1-2 clicks around the site. Att. also set Remove Spider Session to "true" in your admin.

 

Toyicebear, thanks for the response. May have to try playing with the cookie setting some more, because the osCid=xxx is defintely around for the duration.

 

Out of curiousity, what affect does the Remove Spider Session to "true" have?

Posted
the osCid=xxx is defintely around for the duration.

 

Yep, definitely was a problem with my config file - the osCid# goes away after 1-2 clicks now. Thanks again.

Posted
Out of curiousity, what affect does the Remove Spider Session to "true" have

 

It prevents sid's being added to your shops urls when a search engine bot visites and indexes your site .

 

It is also advisable to download and use the latest spiders.txt from the contributions section. (This is a text file identifying known spider bots)

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...