Ian-San Posted February 13, 2003 Share Posted February 13, 2003 However, I have discovered a problem with this code in html_output.php: if ($HTTP_GET_VARS['language'] && $kill_sid) { if (tep_not_null($parameters)) { $parameters = ereg_replace("[&]language=[a-z][a-z]", "", $parameters); } if (tep_not_null($parameters)) { $parameters .= "&language=" . $HTTP_GET_VARS['language']; } else { $parameters = "language=" . $HTTP_GET_VARS['language']; } } Rather than just replacing the language/en it is adding the new language string e.g. it becomes: language/ja/language/en in the second if. I think the second if should test for $HTTP_GET_VARS['language'] not $parameters?? Quote Ian-san Flawlessnet Link to comment Share on other sites More sharing options...
Ian Posted February 13, 2003 Author Share Posted February 13, 2003 ian-san, No the problem is the ereg_replace, this is supposed to remove previous language from url. However I forgot to take account of SEFU's so the ereg_replace fails. Will update. Quote Trust me, I'm an Accountant. Link to comment Share on other sites More sharing options...
mugitty Posted February 13, 2003 Share Posted February 13, 2003 Can you guys who say everything is working fine with no problems confirm for me that you can go into your store on the index (default) page from a clean browser, immediately go to login with nothing in the shopping cart and successfully login rather than being sent back to the index page, still not logged in. Thanks :) Quote ... if you want to REALLY see something that doesn't set up right out of the box without some tweaking, try being a Foster Parent! Link to comment Share on other sites More sharing options...
Ian-San Posted February 13, 2003 Share Posted February 13, 2003 Can you guys who say everything is working fine with no problems confirm for me that you can go into your store on the index (default) page from a clean browser, immediately go to login with nothing in the shopping cart and successfully login rather than being sent back to the index page, still not logged in. Thanks :) Yes - it works for me. I am using SEFU plus storing sesions in MySQL. Quote Ian-san Flawlessnet Link to comment Share on other sites More sharing options...
wizardsandwars Posted February 13, 2003 Share Posted February 13, 2003 mugitty, Yes, I am also able to do that with the SID killer installed. I am not able however, to login, go to a product, click reviews, and click wrote a review. It immediatly logs me out, and dumps me back out at the default.php. Similar symptoms, I think. Sadly, I am disabling this SID and going back to the USER_AGENT solution until we can get this sorted out. Quote ------------------------------------------------------------------------------------------------------------------------- NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit. If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help. Link to comment Share on other sites More sharing options...
Guest Posted February 13, 2003 Share Posted February 13, 2003 Can you guys who say everything is working fine with no problems confirm for me that you can go into your store on the index (default) page from a clean browser' date=' immediately go to login [u']with nothing in the shopping cart[/u] and successfully login rather than being sent back to the index page, still not logged in. Thanks :) Your not alone mugitty, I have the same issue with sid killer. This is the one problem I want resolved bad enough to actually post and put my 2 cents worth in. I only use the english language on my cart, all other languages have been removed through the admin tool and I only use USD currency all other currencies have also been removed through the admin tool. I've tried the latest mod plus whatever else I could find in the forums either in the form of additional coding or replacing certain lines of code ( I think I've tried it all). My last attempt was to install a totally clean install of the latest snapshot, the only mofiications I made were: added my secure server address, configured the cart to my preference... language, currency and so on, created a test account to login with and at last installed the sid killer addon. Still kicks me back to the index.php/default.php page when I try to login right when the page is first accessed. Login is successful if I go to the cart first added an item and start the checkout process. I've installed two new clean snapshots today so if anyone has any suggestions on what maybe to try next let me know. Thanks everyone Quote Link to comment Share on other sites More sharing options...
mugitty Posted February 13, 2003 Share Posted February 13, 2003 OK, I've gotten a little further with this not being able to log in thing. There seems to be something with the EXACT address to which I'm directing the browser. In all cases I am talking about a situation where SIDKiller is installed, there is nothing in the shopping cart and I am going directly to login on my first click from the index page: 1: If I go to http://farmex.now.tc/catalog/index.php , I cannot log in. 2: If I go to http://farmex.now.tc/catalog , the browser resolves to http://www.farmex.now.tc/catalog/ and I can log in just fine. 3: If I go to http://farmex.now.tc/catalog/ , the browser resolves to the same exact address and I cannot log in. 4: If I go to http://www.farmex.now.tc/catalog , the browser resolves to the same with a trailing slash added after 'catalog', and I can log in. 5: If I go to http://www.farmex.now.tc/catalog/index.php , the browser resolves to the same exact address and I can log in. If I change my configure.php from define('HTTP_SERVER', 'http://farmex.now.tc') to define('HTTP_SERVER', 'http://www.farmex.now.tc') then I am unable to log in under any of the above conditions. My https is on a different server from my http and presently looks like this: define('HTTPS_SERVER', 'https://secure14.vosn.net/~farmex'); define('ENABLE_SSL', true); // secure webserver for checkout procedure? Does any of this give anyone an idea of why I am encountering this? Heartfelt thanks to anyone who can help! Quote ... if you want to REALLY see something that doesn't set up right out of the box without some tweaking, try being a Foster Parent! Link to comment Share on other sites More sharing options...
wizardsandwars Posted February 13, 2003 Share Posted February 13, 2003 Just found another quirk. Although I am able to login, If I go to my address book, and try to add a new address, it will log me out, and dump me out to the default.php. Quote ------------------------------------------------------------------------------------------------------------------------- NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit. If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help. Link to comment Share on other sites More sharing options...
Ian-San Posted February 13, 2003 Share Posted February 13, 2003 I cannot duplicate any of the above problems. Could it be because I have a pre-november release? Quote Ian-san Flawlessnet Link to comment Share on other sites More sharing options...
A. Schneider Posted February 13, 2003 Share Posted February 13, 2003 My version I have is always the actual cvs version. "patch" is my best friend :D Coudl the Problem SSL -> NONSSL come from a sslproxy? I realy don??t know... Alex Quote Link to comment Share on other sites More sharing options...
wizardsandwars Posted February 13, 2003 Share Posted February 13, 2003 I have a pre-November snapshot as well. The only thing I can think of that I have changed, is that I have altered the "NONSSL" and changed them to "SSL" in several places. I've done this because after a customer logs in, I wish for them to stay on SSL until they leave the site, in order to aviod the "you are about to leave a secure page" warnings. However, if I comment out the SID killer in app top, It doesn't automatically log me out in the instances I described above. So, I have to conclude that the SID killer is conjunction with the changed SSL settings has caused the problems. Quote ------------------------------------------------------------------------------------------------------------------------- NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit. If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help. Link to comment Share on other sites More sharing options...
mugitty Posted February 13, 2003 Share Posted February 13, 2003 I'm back to the one little section of SIDKiller code below. If I comment it out and use the original code in this section, I can log in under ALL of the conditions mentioned in my previous post, whether my http server is defined as 'http://farmex.now.tc' or as 'http://www.farmex.now.tc'. The problem of course being that this seems to be the only part of the SIDKiller code that prevents the search engines from displaying SIDs when they look at links. // Add the session ID when moving from HTTP and HTTPS servers or when SID is defined if ( (ENABLE_SSL == true ) && ($connection == 'SSL') && ($add_session_id == true) ) { $sid = tep_session_name() . '=' . tep_session_id(); } elseif ( ($add_session_id == true) && (tep_not_null(SID)) ) { $sid = SID; } if ( (SEARCH_ENGINE_FRIENDLY_URLS == 'true') && ($search_engine_safe == true) ) { while (strstr($link, '&&')) $link = str_replace('&&', '&', $link); $link = str_replace('?', '/', $link); $link = str_replace('&', '/', $link); $link = str_replace('=', '/', $link); $separator = '?'; } if (isset($sid)) { $link .= $separator . $sid; } // BEGIN SIDKiller code - uncomment above if not using SIDKiller code // if (isset($sid) && (!$kill_sid)) { // $link .= $separator . $sid; // } // END SIDKiller code return $link; } Am I missing something, or does this indicate that this effect is caused by just this one section of the SIDKiller code? Quote ... if you want to REALLY see something that doesn't set up right out of the box without some tweaking, try being a Foster Parent! Link to comment Share on other sites More sharing options...
A. Schneider Posted February 13, 2003 Share Posted February 13, 2003 @mugitty This section is the only real changes!! all the other codesnipplets are only checks. I think its clear when you uncomment that section that all other things work... Quote Link to comment Share on other sites More sharing options...
Ian-San Posted February 13, 2003 Share Posted February 13, 2003 Am I missing something, or does this indicate that this effect is caused by just this one section of the SIDKiller code? That just puts the sids back in your url I think - ie it is like not having the sid killer there at all. Quote Ian-san Flawlessnet Link to comment Share on other sites More sharing options...
Ian Posted February 13, 2003 Author Share Posted February 13, 2003 Stuart, The reason why commenting out that part of the code fixes things is that that line decides whether to append the sid to a link. The problem is not with this line of code but with how $kill_sid is set in other parts of my code. I'd like to poll people on various settings. A) How they are storing sessions (mysql or file) B) Whether your SSL is on a different domain name. I also have a suggestion to try. // Add the session ID when moving from HTTP and HTTPS servers or when SID is defined if ( (ENABLE_SSL == true ) && ($connection == 'SSL') && ($add_session_id == true) ) { $sid = tep_session_name() . '=' . tep_session_id(); Straight after that last line add $kill_sid = false; Quote Trust me, I'm an Accountant. Link to comment Share on other sites More sharing options...
Ian-San Posted February 13, 2003 Share Posted February 13, 2003 Ian a) MySql B) Same Server - not using SSL c) Pre-November release d) SEFU e) No problems with log-outs - just language issue f) No problems with sids now either Quote Ian-san Flawlessnet Link to comment Share on other sites More sharing options...
wizardsandwars Posted February 13, 2003 Share Posted February 13, 2003 Ian, A.) MySQL B.) SSL Different Domain It definatly kills SIDs, but it seems to log you out when switching from SSL to NONSSL. Quote ------------------------------------------------------------------------------------------------------------------------- NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit. If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help. Link to comment Share on other sites More sharing options...
mugitty Posted February 13, 2003 Share Posted February 13, 2003 Ian; The change that you mentioned above just seems to do the same as if I had commented the code that I mentioned before. With that section of html_output looking like this: // Add the session ID when moving from HTTP and HTTPS servers or when SID is defined if ( (ENABLE_SSL == true ) && ($connection == 'SSL') && ($add_session_id == true) ) { $sid = tep_session_name() . '=' . tep_session_id(); $kill_sid = false; } elseif ( ($add_session_id == true) && (tep_not_null(SID)) ) { $sid = SID; } if ( (SEARCH_ENGINE_FRIENDLY_URLS == 'true') && ($search_engine_safe == true) ) { while (strstr($link, '&&')) $link = str_replace('&&', '&', $link); $link = str_replace('?', '/', $link); $link = str_replace('&', '/', $link); $link = str_replace('=', '/', $link); $separator = '?'; } // if (isset($sid)) { // $link .= $separator . $sid; // } // BEGIN SIDKiller code - uncomment above if not using SIDKiller code if (isset($sid) && (!$kill_sid)) { $link .= $separator . $sid; } // END SIDKiller code return $link; } I am able to login under any address that I enter, but the SIDs are showing up in the search engine simulator again :( Storing sessions in mysql SSL on different server Quote ... if you want to REALLY see something that doesn't set up right out of the box without some tweaking, try being a Foster Parent! Link to comment Share on other sites More sharing options...
Ian Posted February 13, 2003 Author Share Posted February 13, 2003 Ok, I think the adjustment I gave muggity won't work. The problem seems to be when moving from ssl to nonssl on systems where the ssl domain is different from the nonssl domain. I must admit to not being 100% sure how internally the domain checking works. I would have thought that if you were having problems going from ssl->nonssl you would also have problems going from nonssl->ssl I'll put together some code to retain sids on ssl->non ssl transfers and see if this helps. When I first wrote this code I thought ok there's less than 10 lines of code, what could possibly go wrong. :oops: Quote Trust me, I'm an Accountant. Link to comment Share on other sites More sharing options...
mugitty Posted February 13, 2003 Share Posted February 13, 2003 Ian; I already owe you a half dozen pints for all the time and effort you've put into this - I sincerely appreciate it! When I first wrote this code I thought ok there's less than 10 lines of code, what could possibly go wrong. My old Grandpa used to say "If something can go wrong, it will" (well, OK, maybe it wasn't my Grandpa and maybe that's not exactly what was said, but it was something like that). Let's just call it Murphy's Law :wink: Quote ... if you want to REALLY see something that doesn't set up right out of the box without some tweaking, try being a Foster Parent! Link to comment Share on other sites More sharing options...
A. Schneider Posted February 13, 2003 Share Posted February 13, 2003 Hi Ian, A) Mysql B) SSL Different Domain C) latest cvs D) Tust for info: Above code change don?t work already tried it myself ;) When the change is in, the sid killer don?t work... Ian tnx again for your great work and help. Hope you find a good solution soon. :) Alex Quote Link to comment Share on other sites More sharing options...
Guest Posted February 19, 2003 Share Posted February 19, 2003 Hi I've installed the code and it works fine, however it does not work with the auto login contribution. Is there any way around this? What happens is that once you are logged in and then you log out you end up in an infinite loop, whichever link tyou click on it forwards to logoff.php where the loop takes place. I hope this can be resolved as I love the auto login contrib :) Well done to Ian for all his hard work! Andy Quote Link to comment Share on other sites More sharing options...
imlek Posted March 18, 2003 Share Posted March 18, 2003 I just follow this thread and implement Ian's mod. Its work great for my site, www.baliartworld.com Thanks a lot Ian. Quote Link to comment Share on other sites More sharing options...
Farrukh Posted April 4, 2003 Share Posted April 4, 2003 I am facing a problem when I run my cart on SSL The SID gets killed while i work on NONSSL. I have my cart enabled to SSL now. Can anyone check it out and also after logging in through HTTPS, i get directed towards a 404 Page Error. http://www.arabianbazaar.com Quote Link to comment Share on other sites More sharing options...
Guest Posted November 9, 2003 Share Posted November 9, 2003 funny thing happened i was searching through the threads looking for a way to implament a sid killer and be successful until i ran accross Ian's idea sounded good anyway so i stopped right there and did it only problem is when i went to my site i got caught up in an infanant loop of logging off so i cam back to the forum to let everyone know that there is something wrong with that code and realized i only read page one and were 17 other pages i should have read through lol anyway yes i have auto login installed so any way arround this Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.