Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Session Recreate Question


sharplab

Recommended Posts

I am baffled. Our store which is a donator of oscommerce. (www.SharpWebLabs.com)

has been having some problems with customers logging in and also with their passwords.

 

We have been researching possible problems with cookies, session, etc etc.

 

1) We have since change the sessions to be stored in database and no longer in the /tmp folder.

 

2) We never force cookies.

 

3) Should we change the "Recreate Sessions" to true?

Also should we add the contribution? What advantage does this have?

Is it possible that this may be the problem?

 

4) Should I be concerned about the PhP Global Registers problem?

We run php 4.4.4 and OSC2.2.

 

The problem is only occasional and not with every customer. We get emails a few times

a month from customers who can not log in to their account and then request a new password

but that does not work either.

 

PLEASE give us some guidance to head in the proper direction with respect to our problem as we think we are losing sales each month.

 

THANK YOU SO MUCH!

 

Steve

Webmaster

Link to comment
Share on other sites

Should be a hard coded link not using tep href that when click will not carry oscid in the url get part.

 

 

As it is occassional.

 

Had it been happening after a specific time then we could have thought of it as a session expire issue.

 

So chek what all code was added of late and chek the url has the oscid.

 

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Link to comment
Share on other sites

Not sure but I think this has been an ongoing problem with our cart

but not positive. Is there a specific file(s) that we should begin with?

 

Would there be any contributions which address log on problems

and the fact that sometime the password is not accepted nor is the

new password after sent via email.

 

THX!

 

 

Webmaster

Link to comment
Share on other sites

When I go to the log in page here is the url that I just got:

 

https://www.sharpweblabs.com/shop/login.php...5157e2d7983cb45

 

Should I be NOT getting the session id?

Is that part of my problem?

 

THX!

 

Webmaster

Link to comment
Share on other sites

When I go to the log in page here is the url that I just got:

 

https://www.sharpweblabs.com/shop/login.php...5157e2d7983cb45

 

Should I be NOT getting the session id?

Is that part of my problem?

 

THX!

 

Webmaster

 

You have got a persistent osCsid which is very bad. It basically means that your configure settings are incorrect.

 

The osCsid should disappear from the url about the second click. It probably doesn't help that your "splash page" uses the domain without www. especially as that link is available in the osc breadcrumb.

 

I would suggest ..

 

Ideal -- move the shop to root kill the splash page and force cookie use

 

Alternative -- Get the configure settings correct and alter the splash page to use www. and enable recreate session.

Link to comment
Share on other sites

You have got a persistent osCsid which is very bad. It basically means that your configure settings are incorrect.

 

The osCsid should disappear from the url about the second click. It probably doesn't help that your "splash page" uses the domain without www. especially as that link is available in the osc breadcrumb.

 

I would suggest ..

 

Ideal -- move the shop to root kill the splash page and force cookie use

 

Alternative -- Get the configure settings correct and alter the splash page to use www. and enable recreate session.

 

 

I have alwats been under the assumption that "forcing cookies" was bad.

Am I wrong on this?

 

Also where should I check for config settings?

in "configure.php"?

What should I be looking for?

 

Only problem with moving site to root is that I have approx 4000

pages indexed by google now. This move will all but cripple my traffic and sales

unless there is something I do not know to prevent indexed pages from being dropped.

 

THX!

 

 

Webmaster

Link to comment
Share on other sites

I have alwats been under the assumption that "forcing cookies" was bad.

Am I wrong on this?

 

Also where should I check for config settings?

in "configure.php"?

What should I be looking for?

 

Only problem with moving site to root is that I have approx 4000

pages indexed by google now. This move will all but cripple my traffic and sales

unless there is something I do not know to prevent indexed pages from being dropped.

 

THX!

 

 

Webmaster

 

Forcing cookies is not bad at all .. in fact you'll be hard pressed to find any major shop where you can buy with cookies off. I would give examples but mine are all uk based.

 

The only downside of force cookies is that users with cookies off will receive the cookie_usage.php page. the benefits are many .. no querystring osCsid (recent harder server checks by merchant banks are demanding this in many cases).

 

Only problem with moving site to root is that I have approx 4000

pages indexed by google now. This move will all but cripple my traffic and sales

unless there is something I do not know to prevent indexed pages from being dropped.

 

A directory move is a pretty simple .htaccess 301 redirect. Although I'm not a specialist in this area the following may well work.

 

RewriteEngine On
RewriteBase /
RewriteRule ^myolddirectory/(.*)$ /$1 [R=301,NC,L]

Link to comment
Share on other sites

Forcing cookies is not bad at all .. in fact you'll be hard pressed to find any major shop where you can buy with cookies off. I would give examples but mine are all uk based.

 

The only downside of force cookies is that users with cookies off will receive the cookie_usage.php page. the benefits are many .. no querystring osCsid (recent harder server checks by merchant banks are demanding this in many cases).

 

 

 

A directory move is a pretty simple .htaccess 301 redirect. Although I'm not a specialist in this area the following may well work.

 

RewriteEngine On
RewriteBase /
RewriteRule ^myolddirectory/(.*)$ /$1 [R=301,NC,L]

 

 

Thank you much!

What would need to be changed with respect to configuration files to move to root?

Do we only need to change configure.php?

 

Also strange, I just tried forcing cookies and now I can not log on.

Any ideas? I switched it back off and then I was able to log right on with my customer

email and password.

 

THX!

 

 

Webmaster

Link to comment
Share on other sites

Thank you much!

What would need to be changed with respect to configuration files to move to root?

Do we only need to change configure.php?

 

Also strange, I just tried forcing cookies and now I can not log on.

Any ideas? I switched it back off and then I was able to log right on with my customer

email and password.

 

THX!

 

 

Webmaster

 

Well as I said before your configure settings seem to be creating persistent osCsid.

 

Example of the shop in root

 

  define('HTTP_SERVER', 'http://www.sharpweblabs.com');
 define('HTTPS_SERVER', 'https://www.sharpweblabs.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'www.sharpweblabs.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.sharpweblabs.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');

 

Example with the shop where it is

 

  define('HTTP_SERVER', 'http://www.sharpweblabs.com');
 define('HTTPS_SERVER', 'https://www.sharpweblabs.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'www.sharpweblabs.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.sharpweblabs.com');
 define('HTTP_COOKIE_PATH', '/shop/');
 define('HTTPS_COOKIE_PATH', '/shop/');
 define('DIR_WS_HTTP_CATALOG', '/shop/');
 define('DIR_WS_HTTPS_CATALOG', '/shop/');

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...