Guest Posted March 28, 2008 Share Posted March 28, 2008 I run a Metal Fabrication Equipment site using osCommerce and have a problem where some people cannot stay logged in. I have no problems with any of my browsers or from any machine/os/browser combination I own. None of my client's employees have a problem logging in as customers and doing whatever on the site. When I visit friends, I always ask to borrow their computers and create an account. From all of this I have one instance of the problem. The person regularly does online transactions successfully, but is unable to at my site. The person can login successfully and traverse any of their SSL account pages without a problem. As soon as they try and navigate to any catalog, article, information page they are brought to the login screen. The shop is pretty heavily modified. I do use one of the seo url contributions. I've added code like echo $SESSION_IP_ADDRESS . ' does not equal ' . $ip_address; in the appropriate place as a way of finding if that was the section kicking my friend out. I define my own requirements for being SSL on the specific pages through code like this: if ($request_type == 'NONSSL') { tep_redirect(tep_href_link(FILENAME_ACCOUNT,'', 'SSL')); } if (!tep_session_is_registered('customer_id')) { $navigation->set_snapshot(); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } and have commented out this: /* if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url $url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL } } */ from tep_redirect to compensate. I added: if ($request_type == 'SSL') { tep_redirect(tep_href_link(FILENAME_ARTICLES,'', 'NONSSL')); } to articles.php just to see if that make a difference. Under sessions in configuration force cookie usage, prevent spider sessions, and recreate sessions are all true. Check SSL session ID has been false and I just set Check User agent and Check IP Address to false. In my various attempts to fix this I have managed to make the administration non-accessible and the whole site unusable. Much backtracking has been done :blush: I have modified the code in the seo contribution so that both $base_url and $base_url_SSL point to HTTP_SERVER . DIR_WS_HTTP_CATALOG; I do not see anything in the code that should be doing this to them. I have seen a couple abandoned carts and am afraid that my friend is not the only person affected. Any comments suggestions are welcome. I would appreciate any help I can get. My client's login page if you want to try it yourself. Please put forum or osCommerce for the company name. Please do not use the Information Request Webforms, my client gets those directly. I receive the contact us forms. Replies are best here at the forum. You can test the shopping cart out, I'll rely on the company name to filter the test orders out. Standard CC test number 4111111111111111, C.O.D., or check - doesn't matter. Thank you Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.