
Cookie problem results in a loop


xenixdtp


What I want to say first: if we change the cookie domain to an incorrect domain in the config file, then we don't have this loop, so it has something to do with the cookie!

 

Situation:

On the domain test.mydomain.com we have osCommerce in the main folder.

The index (start) page opens without any problems and creates a cookie file on the client computer.

 

The url we can see in the navigation bar is http://test.mydomain.com/index.php?osCsid=...0092f9486787ae3

The product URLs located on the start page refer to http://test.mydomain.com/product_info.php?products_id=8166

As you can see, this link doesn't have the osCsid anymore since the cookie took over.

 

We can see the cookie in the Firefox menu settings with the 9403fe59fd3240f940092f9486787ae3 as id for our specific test.mydomain.com.

 

But when we click on the product URL, we get an endless loop.

The Apache server returns a 302 (redirect) instead of a 200 (successful).

The client responds to this with a new request, for which the server gives another 302 result.

 

My configuration:

define('HTTP_COOKIE_DOMAIN', '.test.mydomain.com');
define('HTTPS_COOKIE_DOMAIN', '.test.mydomain.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');

Session Directory /tmp
Force Cookie Use False
Check SSL Session ID False
Check User Agent False
Check IP Address False
Prevent Spider Sessions True
Recreate Session False

 

My Wireshark capture:

GET /product_info.php?products_id=8166 HTTP/1.1
Host: test.mydomain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: nl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://test.mydomain.com/index.php?osCsid=...0092f9486787ae3
Cookie: osCsid=9403fe59fd3240f940092f9486787ae3

Result from the server:

HTTP/1.1 302 Found
Date: Sat, 20 Jun 2009 12:41:45 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8g PHP/5.2.9
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: index.php?osCsid=
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

Automatic new request from the client to the server:

GET /index.php?osCsid= HTTP/1.1
Host: test.mydomain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: nl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: osCsid=9403fe59fd3240f940092f9486787ae3

HTTP/1.1 302 Found
Date: Sat, 20 Jun 2009 12:41:45 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8g PHP/5.2.9
X-Powered-By: PHP/5.2.9
Location: http://test.mydomain.com/index.php
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 26
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

 

I also did a test on the index.php to check if the cookie is received correctly on the server by adding this to the top of the page:

echo $HTTP_COOKIE_VARS['osCsid'];
die;

and the result was my osCsid in the web browser, so it was received correctly.

 

This is a very difficult problem but I hope somebody can help me.

 

Thx,

Xenixdtp


Archived

This topic is now archived and is closed to further replies.
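
A way to check a captured redirect chain like the one in the post above for the three things visible in it: an empty osCsid in the Location header although the client sent the cookie, a relative Location, and a redirect target that repeats. This is an added example, not part of the original post and not osCommerce code; `CAPTURE`, `analyse`, `cookie_value` and the finding labels are hypothetical names, and the tuples are constructed from the headers quoted in the post.

```python
from urllib.parse import urljoin, urlsplit, parse_qs

# Constructed from the capture quoted in the post:
# (request URL, Cookie request header, response status, Location response header)
CAPTURE = [
    ("http://test.mydomain.com/product_info.php?products_id=8166",
     "osCsid=9403fe59fd3240f940092f9486787ae3", 302, "index.php?osCsid="),
    ("http://test.mydomain.com/index.php?osCsid=",
     "osCsid=9403fe59fd3240f940092f9486787ae3", 302,
     "http://test.mydomain.com/index.php"),
]

def cookie_value(header, name):
    """Return the value of cookie `name` from a Cookie request header, or None."""
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None

def analyse(hops, sid_name="osCsid"):
    """Return (hop number, finding) pairs for each redirect in the chain."""
    findings, seen = [], set()
    for i, (url, cookie, status, location) in enumerate(hops, 1):
        if not 300 <= status < 400 or not location:
            continue  # not a redirect, nothing to inspect
        target = urljoin(url, location)  # resolve as the browser would
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if query.get(sid_name) == [""]:
            # The server wrote the session parameter into the URL with no value.
            sent = cookie_value(cookie, sid_name)
            findings.append((i, "empty-sid-in-redirect-despite-cookie" if sent
                                else "empty-sid-in-redirect"))
        if not urlsplit(location).scheme:
            # RFC 2616 (current in 2009) required an absolute URI in Location.
            findings.append((i, "relative-location"))
        # Compare targets without query/fragment so ?osCsid= variants match.
        key = urlsplit(target)._replace(query="", fragment="").geturl()
        if key in seen:
            findings.append((i, "redirect-target-repeats"))
        seen.add(key)
    return findings

if __name__ == "__main__":
    for hop, finding in analyse(CAPTURE):
        print(f"hop {hop}: {finding}")
```
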
