Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

getting oscid session ID's on my SSL links


galey1981

Recommended Posts

Hi guys

 

I bought a dedicated SSL with 1&1 for my website and set up the config file. I was getting a message saying the site wasn't to be trusted / unsecure because the ssl cert was for mywebsite.co.uk and not www.mywebsite.co.uk

 

I went into the config file in includes and amended the https bits, removing the www.

 

This now says the certificate is authentic but i get an oscommerce session id on the end of all the account and basket links on my website - and they dont go away. normally i'll click on one, then navigate to another link, and it comes off the url. but they're staying.

 

I've got ultimate seo's and the oscid killer contrib installed and i wondered if the .htaccess file needs amending or some kind of cookie path setting within admin? Just guessing what scenarios are causing this.

 

On the http://www.mysite.co.uk the session id is not a problem - it's just on the secure pages.

 

any input would be greatly appreciated. I can share the site if it helps?

Link to comment
Share on other sites

The test site can be found at:

http://www.gardenmachinerywebsite.co.uk/catalog

 

and my catalog/includes configure file is as follows:

 

  define('HTTP_SERVER', 'http://www.gardenmachinerywebsite.co.uk');
 define('HTTPS_SERVER', 'https://gardenmachinerywebsite.co.uk');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'www.gardenmachinerywebsite.co.uk');
 define('HTTPS_COOKIE_DOMAIN', 'gardenmachinerywebsite.co.uk');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Link to comment
Share on other sites

Sid Killer is not necessary and should be removed. For the SSL, I recall someone having problems due to 1&1 not using a standard SSL port. See this thread on how to test your connection.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Sid Killer is not necessary and should be removed. For the SSL, I recall someone having problems due to 1&1 not using a standard SSL port. See this thread on how to test your connection.

 

Jack

 

Hi Jack

 

I ran this check on my https directory and got the following results:

 

HTTP HOST: gardenmachinerywebsite.co.uk

Server Port: (i've taken this out for security purposes)

SSL Status: 1

Fowarded Server:

Fowarded Host:

Fowarded By:

 

It all works perfectly with cookies set to true - with it on false it gives me all these oscid errors but only on the secure style pages e.g account, login etc - normal cart pages dont exhibit this behaviour......

Link to comment
Share on other sites

Hi Jack

 

I ran this check on my https directory and got the following results:

 

HTTP HOST: gardenmachinerywebsite.co.uk

Server Port: (i've taken this out for security purposes)

SSL Status: 1

Fowarded Server:

Fowarded Host:

Fowarded By:

 

It all works perfectly with cookies set to true - with it on false it gives me all these oscid errors but only on the secure style pages e.g account, login etc - normal cart pages dont exhibit this behaviour......

 

I don't think I want to keep the cookies use set to true, and have put it back to false. There must be a setting which can alleviate this issue with an oscid getting put on the end of all my secure pages. Can anyone advise on a checklist?

Link to comment
Share on other sites

Hi Jack

 

I ran this check on my https directory and got the following results:

 

HTTP HOST: gardenmachinerywebsite.co.uk

Server Port: (i've taken this out for security purposes)

SSL Status: 1

Fowarded Server:

Fowarded Host:

Fowarded By:

 

It all works perfectly with cookies set to true - with it on false it gives me all these oscid errors but only on the secure style pages e.g account, login etc - normal cart pages dont exhibit this behaviour......

The above appears to be saying the ssl is not being used. I don't suggest running with Force Cookie on. The first I would try is to change these

  define('HTTP_COOKIE_DOMAIN', 'www.gardenmachinerywebsite.co.uk');
 define('HTTPS_COOKIE_DOMAIN', 'gardenmachinerywebsite.co.uk');

to these

  define('HTTP_COOKIE_DOMAIN', '.www.gardenmachinerywebsite.co.uk');
 define('HTTPS_COOKIE_DOMAIN', '.gardenmachinerywebsite.co.uk');

If that doesn't help, you should create the test script mentioned in that thread and use it to determine what code is needed to check for the ssl.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

If that doesn't help, you should create the test script mentioned in that thread and use it to determine what code is needed to check for the ssl.

 

Jack

 

Hi Jack, the strange thing is the SSL is working and shows a padlock with no errors on the secure pages. It all says it's secure and authenticated. But navigating through the various secure pages this oscid trail doesn't go away from the end of my URL's. What happens with my static pages is the oscid will maybe be present on one of the links but as soon as it's clicked and you go to that page the oscid goes away. It just wont shake off these secure pages on the https:// links.

 

I've changed that config to include the dot before the cookie path, but it's not made a difference.

 

With that script i've run it says ssl=1 which is what 1&1 uses to indicate it's a true connection. The port is 443 which is normal apparently too.

 

hmmmmmm, what to do? :blush:

Link to comment
Share on other sites

This is my full config file for the website - i've removed instances of www. as my ssl is assigned to the domain without it.

 

Please see this odd behaviour at http://gardenmachinerywebsite.co.uk/catalog and clicking on a secure link such as my account.

 

<?php
 define('HTTP_SERVER', 'http://gardenmachinerywebsite.co.uk');
 define('HTTPS_SERVER', 'https://gardenmachinerywebsite.co.uk');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', '.gardenmachinerywebsite.co.uk');
 define('HTTPS_COOKIE_DOMAIN', '.gardenmachinerywebsite.co.uk');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/kunden/homepages/2/*******/htdocs/catalog/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 define('DB_SERVER', '*******');
 define('DB_SERVER_USERNAME', '*******');
 define('DB_SERVER_PASSWORD', '*********');
 define('DB_DATABASE', '*******');
 define('USE_PCONNECT', 'false');
 define('STORE_SESSIONS', 'mysql');

?>

 

Everything in sessions, in admin, is set to false apart from the last two options prevent spider sessions and recreate session. My session directory is: /tmp/

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...