Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

Question about osCsid string

vjboc

By vjboc
in General Support

Recommended Posts

vjboc

vjboc

Posted
Posted

I recently added ultimate seo urls and it works awesome in Internet Explorer. I just checked it on firefox and a long osCsid string is after the prduct name in url.

 

In I.E it disappears after I click one link. But in Firefox it don't.

 

How can I fix that?

web-project

web-project

Posted
Posted

this osCsidis session string, you can remove it the following way:

go to osc admin panel --> Configuration --> Sessions --> Prevent Spider Sessions set to true

or if it's doesn't work you can find a few contributions in contribution database.

Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here!

8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.

Before installing contribution or editing/updating/deleting any files, do the full backup, it will save to you & everyone here on the forum time to fix your issues.

Any issues with oscommerce, I am here to help you.

vjboc

vjboc

Posted
  • Author
Posted

this osCsidis session string, you can remove it the following way:

go to osc admin panel --> Configuration --> Sessions --> Prevent Spider Sessions set to true

or if it's doesn't work you can find a few contributions in contribution database.

 

 

Does that create any other problems? Seems like I read somewhere the osCsid is important for operation. But not sure. What is the purpose of osCsid

FWR Media

♥FWR Media

Posted
Posted

osCsid is essential for maintaining state (the session) Prevent Spider Sessions should be set to true but doesn't affect this issue.

 

There should be no difference between Firefox and IE, if your configuration is correct then the osCsid should disappear after a couple of clicks.

Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls

 

KissMT Dynamic SEO Meta & Canonical Header Tags

 

KissER Error Handling and Debugging

 

KissIT Image Thumbnailer

 

Security Pro - Querystring protection against hackers ( a KISS contribution )

 

If you found my post useful please click the "Like This" button to the right.

Please only PM me for paid work.

FWR Media

♥FWR Media

Posted
Posted

Your right it did. Does osCsid cause any security issues?

 

Well yes and no :)

 

Handled correctly osCsid does what it is meant to do and allows the script to recognise a user as unique and therefore allows them to add to cart .. buy etc.

 

Handled incorrectly customers can log in as each other their data then being compromised.

 

The rules are: -

 

Prevent Spider Sessions = true

 

Recreate sessions = true

 

Keep spiders.txt updated with the latest version.

 

If you want to be ultra secure and lose the osCsid you can set Force cookie use to true BUT the caveat is that you could lose a few sales from customers who disallow cookies in their browser and ..

 

You have to have a decicated IP .. a full SSL certificate .. your HTTP domain must match your HTTPS domain.

 

Like ..

 

http://www.mydomain.com

https://www.mydomain.com

 

NOT

 

 

http://www.mydomain.com

https://mydomain.com

Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls

 

KissMT Dynamic SEO Meta & Canonical Header Tags

 

KissER Error Handling and Debugging

 

KissIT Image Thumbnailer

 

Security Pro - Querystring protection against hackers ( a KISS contribution )

 

If you found my post useful please click the "Like This" button to the right.

Please only PM me for paid work.

vjboc

vjboc

Posted
  • Author
Posted

Well yes and no :)

 

Handled correctly osCsid does what it is meant to do and allows the script to recognise a user as unique and therefore allows them to add to cart .. buy etc.

 

Handled incorrectly customers can log in as each other their data then being compromised.

 

The rules are: -

 

Prevent Spider Sessions = true

 

Recreate sessions = true

 

Keep spiders.txt updated with the latest version.

 

If you want to be ultra secure and lose the osCsid you can set Force cookie use to true BUT the caveat is that you could lose a few sales from customers who disallow cookies in their browser and ..

 

You have to have a decicated IP .. a full SSL certificate .. your HTTP domain must match your HTTPS domain.

 

Like ..

 

http://www.mydomain.com

https://www.mydomain.com

 

NOT

 

 

http://www.mydomain.com

https://mydomain.com

 

 

 

 

Is it OK that the osCsid shows up once? I set Recreate sessions to true, It didn't change it. Where is spiders.txt,and how do I keep it updated.

vjboc

vjboc

Posted
  • Author
Posted

I put "force cookie use" to true. It took care of the problem. Is that OK? When I hook up an ssl it can't be shared right? I will start the check out for the site with Pay/pal, will I need an ssl for that?

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...