Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

osCsid cookie not being set


bradyswenson

Recommended Posts

Hello all,

 

I've never posted a question in the forums because I've always been able to find answers without needing to. But this is a strange problem that seems to have just cropped up, one of those ghost in the machine things, because I have not edited a character of code for quite some time before this started happening.

 

A couple days ago I noticed that my shopping cart is no longer holding information. It took me a while but I then realized that the shopping cart works when logged in. I use the Firefox Web Dev tool bar to look at the cookies being set and realized that osCsid is not being set upon visiting the site. After logging in the a session is started and osCsid is set.

 

Does this behavior raise any red flags for anyone? I just need a direction to start on so I can get this figured out. The site in question is twohandsworldshop.com.

 

Thanks so much,

Brady

Link to comment
Share on other sites

I have one more piece of perhaps useful information... the osCsid is set upon a visit to login.php or create_account.php, but not before then.

 

This is probably a simple issue or setting that was changed on accident somehow, like I said this was a working shop a few days ago and I haven't edited any code, I even tried a backup copy... what am I missing?

 

I am using SEO Urls and here are my session config settings:

 

Session Directory /tmp

Force Cookie Use False

Check SSL Session ID False

Check User Agent False

Check IP Address False

Prevent Spider Sessions True

Recreate Session True (tried this one on and off to no avail)

Link to comment
Share on other sites

So, I'm spamming my own thread here but I'm sure you all understand how an osC problem can consume you.

 

Ok, so, I'm thinking the answer lies in how osC is treating sessions for https vs http, seeing as the session (and the osCsid cookie that makes the cart maintain state) finally gets set when the user visits login.php.

 

Does that ring any bells? Any help, advice, malformed thoughts, incomplete brainstorms, pointless drivel... anything really would be very much appreciated! :)

 

Brady

Link to comment
Share on other sites

Welcome to the fifth post of my ongoing blog of this problem...

 

I've been through the forums and I've seen that a lot of people have had problems with shared certs going from https to http and losing the session. This is a bizzare problem because my session is not being set until a page is visited using https. Once the session is set, though, I can go back to http without a problem. I'm using a full cert, of course, so the domain never changes. Here's my config.php:

 

  define('HTTP_SERVER', 'http://twohandsworldshop.com'); 
 define('HTTPS_SERVER', 'https://twohandsworldshop.com'); 
 define('ENABLE_SSL', true); 
 define('HTTP_COOKIE_DOMAIN', 'twohandsworlshop.com');
 define('HTTPS_COOKIE_DOMAIN', 'twohandsworldshop.com');

 

For the time being, until I get this solved, or one of you tells me I'm an idiot and this problem is trivially simple to fix and to figure out, I've used the .htaccess file to redirect all requests to https so that sales can continue. But I'd much rather not keep the site like this for obvious performance reasons (, HTTPS performance for web applications has been documented by the industry to be up to 5 times slower with regard to transaction response times, and have up to 1/5 the system throughput... source.). So, please, still let me know what you think!

 

Like I said in the original post, I have no clue what brought the behavior on. I'm confounded.

Link to comment
Share on other sites

  • 9 months later...
Welcome to the fifth post of my ongoing blog of this problem...

 

I've been through the forums and I've seen that a lot of people have had problems with shared certs going from https to http and losing the session. This is a bizzare problem because my session is not being set until a page is visited using https. Once the session is set, though, I can go back to http without a problem. I'm using a full cert, of course, so the domain never changes. Here's my config.php:

 

  define('HTTP_SERVER', 'http://twohandsworldshop.com'); 
 define('HTTPS_SERVER', 'https://twohandsworldshop.com'); 
 define('ENABLE_SSL', true); 
 define('HTTP_COOKIE_DOMAIN', 'twohandsworlshop.com');
 define('HTTPS_COOKIE_DOMAIN', 'twohandsworldshop.com');

 

For the time being, until I get this solved, or one of you tells me I'm an idiot and this problem is trivially simple to fix and to figure out, I've used the .htaccess file to redirect all requests to https so that sales can continue. But I'd much rather not keep the site like this for obvious performance reasons (, HTTPS performance for web applications has been documented by the industry to be up to 5 times slower with regard to transaction response times, and have up to 1/5 the system throughput... source.). So, please, still let me know what you think!

 

Like I said in the original post, I have no clue what brought the behavior on. I'm confounded.

I see this post now...years later and wonder if you ever found a resolution. I am having a very similar issue with the osCsid cookie not being set. Other cookies are set, but for some reason, this one is not. Ugh....

Link to comment
Share on other sites

I see this post now...years later and wonder if you ever found a resolution. I am having a very similar issue with the osCsid cookie not being set. Other cookies are set, but for some reason, this one is not. Ugh....

 

ditto

Link to comment
Share on other sites

  • 5 months later...

define('HTTP_COOKIE_DOMAIN', 'twohandsworlshop.com');

 

that's a typo there.

 

But I ran into this issue awhile back and it had to do with the expire date set on my cookies. I have an autologon contrib added in and if i didn't format the expire date just right, it would totally bork the entire cookie setting. But only on Firefox & Safari windows and not Safari Mac. Strange, I know.

Link to comment
Share on other sites

  • 3 months later...

Yeah, I seem to also be having similar problems, except no cookies are being set and even though the session id appears to be keeping up with the user, some contributions I'm using are not able to read the session ID even with cookies being forced (though when i force cookies it doesn't seem to do anything. I am also using the web developer tools addon for firefox and it isn't showing any cookie from my store =( )

 

Has any of this been resolved?

 

-J

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...