Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Yet another osCsid problem


LividWebmaster

Recommended Posts

Posted

I can't rid my URL fo the osCsid. I've read a bunch of topics on it and nothing I try mentioned in them can get it gone. I have it removed for the search bots but it's a huge security risk and need it removed from the url too. From what I gather this is caused by an incorrectly setup includes/config file, but from what I can tell it's set up just fine.

<?php
 define('HTTP_SERVER', 'http://www.xxx.org');
 define('HTTPS_SERVER', 'https://xxx.org');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'http://www.xxx.org');
 define('HTTPS_COOKIE_DOMAIN', 'https://xxx.org');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/xxx/xxx.org/catalog/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 define('DB_SERVER', 'mysql.xxx.org');
 define('DB_SERVER_USERNAME', 'xxx');
 define('DB_SERVER_PASSWORD', 'xxx');
 define('DB_DATABASE', 'xxx');
 define('USE_PCONNECT', 'false');
 define('STORE_SESSIONS', 'mysql');
?>

 

I get the feeling it's something so simple that I just keep missing. Any help would be appreciated.

Posted

  define('HTTP_COOKIE_DOMAIN', '.www.xxx.org');
 define('HTTPS_COOKIE_DOMAIN', '.xxx.org');

 

In your osc admin panel :: Admin >> Configuration -> Sessions

 

Prevent Spider Sessions << set to TRUE

Posted

Also i believe that cookie settings should not have http or https as a prefix

 

define('HTTP_COOKIE_DOMAIN', 'http://www.xxx.org');

define('HTTPS_COOKIE_DOMAIN', 'https://xxx.org');

 

to

 

define('HTTP_COOKIE_DOMAIN', 'www.xxx.org');

define('HTTPS_COOKIE_DOMAIN', 'www.xxx.org');

 

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Posted

Thanks for the help, I knew it was something simple. It now goes away within 3 clicks, which as I understand is the oscommerce natural behavior. Its nice to have it fixed, but it'd be nicer to have it fixed-er, anybody know how to rid it from the URL permanently? My boss said he found some code and contribution to do this, but now he can't find or remember it :/ I think it's a myth but I thought I would ask.

 

Thanks again.

Posted

If you go into your shops admin and under configuration >> sessions set Force Cookies to True...then its permanently gone....

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...