osCommerce

The e-commerce.

cookies


qwertyjjj

Posted

Log in to your osc admin panel >> Configuration >> Sessions -> Force Cookie Use -> TRUE

Fill these in your /includes/configure.php file, if they're empty.

 

define('HTTP_COOKIE_DOMAIN', 'based on your domain HTTP_SERVER');

define('HTTPS_COOKIE_DOMAIN', 'based on your domain in your ssl cert');

 

If on shared SSL, ask your host the format for define('HTTPS_COOKIE_DOMAIN','');

 

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

Posted

Ok, but which file are the cookies set in?

Actually, OSC already seems to store some cookies from my site...

I just need to create a new one to show what product they have ordered in the past and cross check it with my DB for security.

Posted

Well, if you search for COOKIE_PATH, you'll see that the variable "$cookie_path" is set in includes/application_top.php. Searching for $cookie_path, you see that includes/application_top.php and [admin/]includes/classes/sessions.php use it. Looking in those two files, you're led to PHP_SESSION_PATH, the session_set_cookie_params() function, and some alternates for different PHP levels. There's a test cookie baked with tep_setcookie(), and read with $HTTP_COOKIE_VARS['name of cookie']. In sessions.php, there is a call to setcookie() to write a cookie. Look for $HTTP_COOKIE_VARS usage to see how to read a specific cookie you've set. Decide where you want to write and read your cookie, and you're good to go.

 

Don't forget that some people refuse to allow cookies to be set, and others vigorously delete every cookie they find. Therefore, storing purchased product information long term in a cookie may not be the most reliable thing. You might want to consider storing past purchases information in the database (in a new table) rather than in a vulnerable cookie. Also, what if the customer is on a different computer than they used before -- it won't have your cookie?

Posted

I have a demo product on my site that I only want to allow customers to order once.

Whilst I can check their IP, some IPs are dynamic or blocked and they could easily register as a new customer and order the demo again.

I cannot check addresses, so IP addresses and cookies are the only means really, short of fingerprinting their computers, which has its own limitations as well.
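The cookie-versus-database point discussed in this thread, as an added example that is not part of any post and is not osCommerce code: the database row is the authoritative record of a demo order, and the cookie is only an HMAC-signed hint that can add a refusal but never grant an order. The table name demo_orders, the cookie format, the function names and DEMO_COOKIE_KEY are assumptions for illustration, and an in-memory SQLite database stands in for the shop database.

```php
<?php
// Added example, not osCommerce code. Table name, cookie format and key are assumptions.
const DEMO_COOKIE_KEY = 'replace-with-a-long-random-server-side-secret'; // constructed placeholder

// Cookie value "customerId.productId.hmac", so any edit by the client is detectable.
function demo_cookie_value(int $customerId, int $productId): string {
    $payload = $customerId . '.' . $productId;
    return $payload . '.' . hash_hmac('sha256', $payload, DEMO_COOKIE_KEY);
}

// Return [customerId, productId] if the signature verifies, otherwise null.
function demo_cookie_parse(string $value): ?array {
    $parts = explode('.', $value);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null;
    }
    $expected = hash_hmac('sha256', $parts[0] . '.' . $parts[1], DEMO_COOKIE_KEY);
    return hash_equals($expected, $parts[2]) ? [(int)$parts[0], (int)$parts[1]] : null;
}

// Authoritative check: the database row, keyed on the logged-in customer.
function demo_already_ordered(PDO $db, int $customerId, int $productId): bool {
    $st = $db->prepare('SELECT 1 FROM demo_orders WHERE customers_id = ? AND products_id = ?');
    $st->execute([$customerId, $productId]);
    return $st->fetchColumn() !== false;
}

// The cookie can only add a refusal; a missing or invalid cookie proves nothing.
function demo_allowed(PDO $db, int $customerId, int $productId, ?string $cookie): bool {
    if (demo_already_ordered($db, $customerId, $productId)) {
        return false;
    }
    $seen = $cookie !== null ? demo_cookie_parse($cookie) : null;
    return !($seen !== null && $seen[1] === $productId);
}

// Constructed sample data: customer 7 has already ordered demo product 42.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_orders (customers_id INTEGER, products_id INTEGER, PRIMARY KEY (customers_id, products_id))');
$db->exec('INSERT INTO demo_orders VALUES (7, 42)');

$cookie = demo_cookie_value(7, 42);
var_dump(demo_allowed($db, 7, 42, null));          // existing customer, cookie deleted
var_dump(demo_allowed($db, 8, 42, $cookie));       // new account, old browser cookie present
var_dump(demo_allowed($db, 8, 42, $cookie . 'x')); // tampered cookie is ignored
var_dump(demo_allowed($db, 8, 42, null));          // new account, no cookie
```

The last two cases show the limit raised in the thread: once the cookie is gone or invalid, only the database record remains, and it is tied to the customer account rather than to the person.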

Archived

This topic is now archived and is closed to further replies.
