hohzho Posted March 15, 2007 Posted March 15, 2007 This is an odd issue for which I haven't found anything when searching for 'login' or 'session'. It occurs for no apparent reason and not systematically (!) -when a user logs on, any other user is also considered as logged in with the same account -when whoever logs out OSC, any other user is logged out as well In that case there can only be one single user logged on OSC at a time (the one who last logs in). This happens when oscsid remains 0 in OSC cookie. Question is: why '0'? Our site is based on MS2.2 with no contribution installed. Many mods but none on OSC login system, apart from a synchronization with invision power board login thanks to IPBSDK (which works fine for the forum side: every user remains connected with his own account). All session settings in admin are on false. We use the DB to store sessions ( "define('STORE_SESSIONS', 'mysql')" in configure.php ; only nine entries in the sessions table, though... one with sesskey = 0). We use a dedicated server. Any idea or similar experience welcome! ;)
Guest Posted March 15, 2007 Posted March 15, 2007 in your osc admin sessions set the "Prevent Spider Sessions" to true to prevent spiders for exposing your sessions. And you can try this for the existing problem (since spiders have already scaned your store: http://www.oscommerce.com/community/contributions,4112
hohzho Posted March 15, 2007 Author Posted March 15, 2007 Thank you for your reply. :) I understand the 'prevent spider sessions" setting can be useful. Same for the 'session regeneration' contribution, but what makes it different from the 'recreate session' setting? One important info: our site is not live yet (behind a http access) and we stumbled on the problem during some tests, not because of exposed sessions. ;) We have looked into the PHP server configuration, with no real clue. This is a bit scary! :huh:
Guest Posted March 15, 2007 Posted March 15, 2007 the default recreate session destroys and generates a session. But it has the same id unfortunately.
hohzho Posted March 15, 2007 Author Posted March 15, 2007 O K that's pretty clear now, we will try this contribution!
ltlamb Posted April 5, 2007 Posted April 5, 2007 O K that's pretty clear now, we will try this contribution! Have you had any luck with the contribution? We are in the exact same scenario. We came accross this problem while testing our site. No matter who logs in it treats everyone as the same user.
Guest Posted April 5, 2007 Posted April 5, 2007 Have you had any luck with the contribution? We are in the exact same scenario. We came accross this problem while testing our site. No matter who logs in it treats everyone as the same user. Have you tried it and still have the same problem or something?
hohzho Posted April 6, 2007 Author Posted April 6, 2007 In fact we've set the 'recreate session' admin setting to 'true' and it seems to do the trick. Meaning: a new oscsid for each login. Have you checked your oscsid by the way? Is it 0 when the problem occurs?
lizaa Posted July 15, 2007 Posted July 15, 2007 Hello I have the same problem too I tried the contribution sent here and nothing changed also tried to set the recreate session to true in the admin area but also nothing changed any suggestions ?? did any one solve this problem?!!!!!!!!
Recommended Posts
Archived
This topic is now archived and is closed to further replies.