dreamscape Posted December 30, 2002 Share Posted December 30, 2002 under the current version of OSC, when cookies are enabled, the session ID is kept out of the URL except when a user 1st visits a page (which is ok), and when changing from nonSSL to SSL and back it is also propogated in the URL because not all site's have their SSL on the same domain (shared SSL)... but not all of us have shared SSL... my SSL is the same domain as my nonSSL site ie: nonSSL: http://www.mysite.com SSL: https://www.mysite.com and I would like to change the session functions to not add the osCsid to the URL when changing between nonSSL and SSL, since it is not necessary for my site. I have been going through the functions files and think that this code (in html_output.php) is what I am looking to change, but do not know what to change it to to prevent it from propigating the SID to the URL when cookies are enabled and changing from nonSSL to SSL or vice-versa. // Add the session ID when moving from HTTP and HTTPS servers or when SID is defined if ( (ENABLE_SSL == true ) && ($connection == 'SSL') && ($add_session_id == true) ) { $sid = tep_session_name() . '=' . tep_session_id(); } elseif ( ($add_session_id == true) && (tep_not_null(SID)) ) { $sid = SID; } I tried removing this code from the statement (ENABLE_SSL == true ) && ($connection == 'SSL') && but all that did was propogate the SID to the URL all the time with cookies enabled... any help would be great. thanks The only thing necessary for evil to flourish is for good men to do nothing - Edmund Burke Link to comment Share on other sites More sharing options...
aarslank Posted December 31, 2002 Share Posted December 31, 2002 I have the same issue... my SSL is the same domain as my nonSSL site ie: nonSSL: http://www.mysite.com SSL:https://www.mysite.com what are you using to kill the session id's?? is it a contribution??? If yes, which one?? I am going to need to do the same thing before I submit to search engines.. Thanks for your help. Link to comment Share on other sites More sharing options...
dreamscape Posted December 31, 2002 Author Share Posted December 31, 2002 with cookies enabled, no SID is in the URL (or there shouldn't be anyways) except when changing nonSSL <-> SSL.... I am not killing the SID totally so that non-cookie users can shop... but for search engine bots (like googlebot) I am going to install Ians SID killer... it is in the forums here somewhere... let me look... here it is: http://www.oscommerce.com/forums/viewtopic.php?t=25595 this basically only creates a SID if a user is logged in or an item is added to the cart, neither of which bots can do (except the "buy now" buttons because they are links... but I have changed my "buy now" buttons to forms so that bots cannot add to the cart)... I am still looking for how to disable the propigating the SID to the URL when changing from SSL <-> nonSSL and cookie enabled (or in otherwords only add the SID in the URL if cookies are disabled... if they are enabled, do not add it under any circumstances)... The only thing necessary for evil to flourish is for good men to do nothing - Edmund Burke Link to comment Share on other sites More sharing options...
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.