xenixdtp Posted June 20, 2009 Posted June 20, 2009 What I want to tell first: If we change the cookiedomain into a incorrect domain in the config file then we don't have this loop so it has something to do with the cookie! Situation: On the domain test.mydomain.com we have a oscommerce in the main folder. The index (start) page opens without any problems and creates a cookie file on the client computer. The url we can see in the navigation bar is http://test.mydomain.com/index.php?osCsid=...0092f9486787ae3 The product urls located on the startpage refers to http://test.mydomain.com/product_info.php?products_id=8166 As you can see, this link doesn't have the oscid anymore since the cookie took over. We can see the cookie in the Firefox menu settings with the 9403fe59fd3240f940092f9486787ae3 as id for our specific test.mydomain.com. But when we click on the product url, we got and endless loop. The apache server returns a 302(redirect) instead of a 200(sucessful). The client response on this with a new request for which the server gives another 302 result My configuration: define('HTTP_COOKIE_DOMAIN', '.test.mydomain.com'); define('HTTPS_COOKIE_DOMAIN', '.test.mydomain.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); Session Directory /tmp Force Cookie Use False Check SSL Session IDFalse Check User Agent False Check IP Address False Prevent Spider Sessions True Recreate Session False My wireshark capture: GET /product_info.php?products_id=8166 HTTP/1.1 Host: test.mydomain.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: nl,en-us;q=0.7,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://test.mydomain.com/index.php?osCsid=...0092f9486787ae3 Cookie: osCsid=9403fe59fd3240f940092f9486787ae3 Result from the server HTTP/1.1 302 Found Date: Sat, 20 Jun 2009 12:41:45 GMT Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8g PHP/5.2.9 X-Powered-By: PHP/5.2.9 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Location: index.php?osCsid= Content-Encoding: gzip Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html automatic new request from the client to the server: GET /index.php?osCsid= HTTP/1.1 Host: test.mydomain.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: nl,en-us;q=0.7,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: osCsid=9403fe59fd3240f940092f9486787ae3 HTTP/1.1 302 Found Date: Sat, 20 Jun 2009 12:41:45 GMT Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8g PHP/5.2.9 X-Powered-By: PHP/5.2.9 Location: http://test.mydomain.com/index.php Content-Encoding: gzip Vary: Accept-Encoding Content-Length: 26 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html I also did a test on the index.php to check if the cookie is received correctly on the server by adding this to top of the page: echo $HTTP_COOKIE_VARS['osCsid']; die; and the result was my osCsid in the webbrowser to it was received correclty. This is a very difficult problem but I'll hope somebody can help me. Thx, Xenixdtp
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.