WoodsWalker Posted May 31, 2008 Posted May 31, 2008 Hi everyone! The "Force Cookie Use" option in the admin under "Configuration/Sessions" seemed like a good idea, but after I enabled it, several of my testers reported that when they tried to log in to the catalog or create an account, they were redirected to a page instructing them to enable cookies on their browsers. This happened even though their browsers were already set to accept cookies! I tested the situation myself, using Firefox 2.0 and IE 6.0, both with cookies enabled, and my testers were right! All of us are redirected to /catalog/cookie_usage.php. Glad I tested this before launching my catalog! Anyone have any further info on this, or is "Force Cookie Use" simply useless? Thanks, ~Wendy
spax Posted May 31, 2008 Posted May 31, 2008 It sounds like you have a shared SSL certificate. If you want to force cookie use, then you need a dedicated certificate.
WoodsWalker Posted May 31, 2008 Author Posted May 31, 2008 It sounds like you have a shared SSL certificate. If you want to force cookie use, then you need a dedicated certificate. Nope, I have dedicated SSL, so it can't be that.
WoodsWalker Posted May 31, 2008 Author Posted May 31, 2008 Then maybe the configure files aren't set correctly. Is there anything specific I should look for?
spooks Posted May 31, 2008 Posted May 31, 2008 check your config settings closely, for a root site they should be like. define('HTTP_SERVER', 'http://www.mystore.com'); define('HTTPS_SERVER', 'https://mystore.com'); define('HTTP_COOKIE_DOMAIN', 'www.mystore.com'); define('HTTPS_COOKIE_DOMAIN', 'mystore.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); Remember BACKUP FIRST Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
WoodsWalker Posted June 1, 2008 Author Posted June 1, 2008 check your config settings closely [etc etc] Remember BACKUP FIRST Hi Sam! OK, I tried that (well, as close as I thought I could get, since my SSL is for address "www.myaddress.com"), and tested it but the problem still reappears as soon as I set "Force Cookie Use" to "true". Here's what I have... define('HTTP_SERVER','http://www.myaddress.com'); define('HTTPS_SERVER', 'https://www.myaddress.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.myaddress.com'); define('HTTPS_COOKIE_DOMAIN', 'www.myaddress.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); See any boo-boos? ~Wendy
spooks Posted June 1, 2008 Posted June 1, 2008 Hi Sam! OK, I tried that (well, as close as I thought I could get, since my SSL is for address "www.myaddress.com"), and tested it but the problem still reappears as soon as I set "Force Cookie Use" to "true". Here's what I have... define('HTTP_SERVER','http://www.myaddress.com'); define('HTTPS_SERVER', 'https://www.myaddress.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.myaddress.com'); define('HTTPS_COOKIE_DOMAIN', 'www.myaddress.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); See any boo-boos? Yes, I mentioned what I sent was for a 'root' site, but you seem to have a 'catalog' site. try these: define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); and maybe define('HTTPS_COOKIE_DOMAIN', 'myaddress.com'); ~Wendy Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
WoodsWalker Posted June 1, 2008 Author Posted June 1, 2008 try these: define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); This is what they were originally, before I made the suggested change, so I know that won't solve it. and maybe define('HTTPS_COOKIE_DOMAIN', 'myaddress.com'); Will this be OK, even though the SSL is for www.myaddress.com? ~Wendy
WoodsWalker Posted June 5, 2008 Author Posted June 5, 2008 Changing both cookie domains as follows solved the problem: define('HTTP_COOKIE_DOMAIN', 'myaddress.com'); define('HTTPS_COOKIE_DOMAIN', 'myaddress.com'); I read in another thread that the two cookie domains must match for "Force Cookie Use" to work. Thanks for your help! Now that it's working I'm wondering if I really want to use it... natch. ~Wendy
Recommended Posts
Archived
This topic is now archived and is closed to further replies.