Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Force Cookies - Yes or No?


Mort-lemur

Recommended Posts

Posted

Hi,

 

I have read various posts on this and can't determine the correct way....

 

I have had cookie use set to false, but have had a few problems with people adding items to their carts only to be told the cart is empty.

 

I have now set cookie use to true, which seems on the surface to fix the problem.

 

My question is - should Cookie use be st to true or false?? - am I missing something?

 

Thanks

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

Posted

I have now set cookie use to true, which seems on the surface to fix the problem.

Do you mean that you went to "Configuration | Sessions" in the admin pages and set "Force Cookie Use" to true?

Check out Chad's News.

Posted

Yes

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

Posted

I have read various posts on this and can't determine the correct way....

 

I have had cookie use set to false, but have had a few problems with people adding items to their carts only to be told the cart is empty.

 

I have now set cookie use to true, which seems on the surface to fix the problem.

 

My question is - should Cookie use be st to true or false?? - am I missing something?

Some shoppers won't accept cookies from your shop. When that happens, they get a message saying, "You must enable cookies...," which sounds harsh to me. Some shoppers won't do that and will go away. There's no way to know how many times that will happen but the question is how many customers can you afford to lose if it does happen? So I don't think that option should be used. There's no reason why it needs to be true, at least that I've ever ran across. When having it off doesn't work, the cause is usually due to an incorrectly setup configure file.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Posted

Then it sounds like you're having problems with sessions, and the cart is stored in the session, so that would make sense.

 

When cookies are not used to store the session, there's an osCsid parameter in the URL that keeps track of the session. This parameter is propagated by consistently using the tep_href_link() function to create links. If you have custom code that doesn't use tep_href_link() to create the links, then that could be the source of the problem.

 

Another possible source would be if the person was entering the shopping cart URL directly into the browser's address bar, and if it had no osCsid parameter or an old osCsid parameter.

Check out Chad's News.

Posted

Hi,

 

OK I need to get to the bottom of this then...

 

Here is my Cat/inc/configure file:

 

define('HTTP_SERVER', 'https://www.xxxxxxx.co.uk');
 define('HTTPS_SERVER', 'https://www.xxxxxxx.co.uk');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'www.xxxxxxx.co.uk');
 define('HTTPS_COOKIE_DOMAIN', 'www.xxxxxxx.co.uk');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/xxxx/public_html/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

And the admin version :

 

 define('HTTP_SERVER', 'https://www.xxxxxxx.co.uk');
 define('HTTP_CATALOG_SERVER', 'https://www.xxxxxxx.co.uk');
 define('HTTPS_CATALOG_SERVER', 'https://www.xxxxxxx.co.uk');
 define('ENABLE_SSL_CATALOG', 'true');
 define('DIR_FS_DOCUMENT_ROOT', '/home/xxxx/public_html/');
 define('DIR_WS_ADMIN', '/xxxxxx/');
 define('DIR_FS_ADMIN', '/home/xxxx/public_html/xxxxxxx/');
 define('DIR_WS_CATALOG', '/');
 define('DIR_FS_CATALOG', '/home/xxxxx/public_html/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

Apart from me running the whole site on https, can you spot an obvious error that might prevent sessions being stored?

 

Thanks

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

Posted

Here is my Cat/inc/configure file:

 

define('HTTP_COOKIE_DOMAIN', 'www.xxxxxxx.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'www.xxxxxxx.co.uk');

 

Apart from me running the whole site on https, can you spot an obvious error that might prevent sessions being stored?

Should be

 define('HTTP_COOKIE_DOMAIN', '.www.xxxxxxx.co.uk');  
define('HTTPS_COOKIE_DOMAIN', '.www.xxxxxxx.co.uk');

You don't show the settings at the bottom of the file but they should be set to store in the database. This thread should supply the details to check that.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Posted

I have three websites that all have set cookie to true.. There are hundreds of thousands of sites that people use every day that force a cookie and no one cares.. You will probably not loose customers because of it.. Also, if you change the wording on your cookies page it will make people realize why you need the coookies.

 

The reason you COULD be using your session is because you need to use the tep_href to link to maintain the session in the URL.. This is the reason that I force the cookie.. I can add links an dhave people click links throughout my blog without loosing that id..

A great place for newbies to start

Road Map to oscommerce File Structure

DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways!

 

HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you

 

Proud Memeber of the CODE BREAKERS CLUB!!

Posted

Well, I can't say one way or another because I do not know the nature of the business he is involved in.. I can tell you to know your target audience and understand how people browse.. CHANCES are, unless you are selling knitting supplies or hunting gear, people will have cookies on..

A great place for newbies to start

Road Map to oscommerce File Structure

DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways!

 

HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you

 

Proud Memeber of the CODE BREAKERS CLUB!!

Posted

Some basic overall statistics prove that it is unlikely that you will loose customers due to force cookie usasage

 

You can track this yourself, I have tracked it to see if there is a high bounce rate on my force cookie page.. My force cookie page was only displayed 15 times last year total on my site.. which means only 15 visitors to my site even had cookies turned off to trigger than page.

A great place for newbies to start

Road Map to oscommerce File Structure

DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways!

 

HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you

 

Proud Memeber of the CODE BREAKERS CLUB!!

Posted

After looking at your configuration and at the code for tep_href_link(), I'm thinking the cause of the issue might be because you're forcing HTTPS by putting "https" in both the SSL and non-SSL server names. I have an idea on how to re-create the problem.

 

I suggest trying the following:

 

  1. Configure osCommerce such it no longer forces the use of cookies.
  2. Disable cookies in your browser.
  3. Go to your store but do not log in.
  4. Add something to the cart and see if it shows up.
  5. If it does show up, add a few more things and then go through the first few steps of the checkout process (up to the checkout confirmation page) and see if everything looks okay.
  6. Now that you're logged in, try adding more stuff to the cart and see if it shows up.
  7. Try the first few steps of the checkout process again.

Check out Chad's News.

Posted

Simply force cookie use.

 

You obviously have matching SSL/NON SSL domains so the certificate is set up correctly. These days you can't buy from virtually any major shops unless your browser accepts cookies.

 

If you are worried about users being unaware then just add something like the following below the <body> tag of your site ..

 

<noscript>
 <div style="margin: 1em; padding: 0.5em; font-size: 1em; background-color: #ffffdd; border: 1px solid #e5e5e5; color: #FF6600;">
   <p><strong>Javascript is disabled in your browser.</strong></p>
   <p>To use this site ( and most other shops on the internet ) this must be enabled.</p>
 </div>
</noscript>

Posted

OK,

 

Spent a day with cookies off and a day with cookies on.

 

The day with cookies off I got phone calls telling me that they couldnt add certain items to the cart.

 

The day with cookies on - and no problems - all orders received.

 

So I think I will leave cookies forced to on for now.

 

Many Thanks all

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

Posted

Simply force cookie use.

 

You obviously have matching SSL/NON SSL domains so the certificate is set up correctly. These days you can't buy from virtually any major shops unless your browser accepts cookies.

 

If you are worried about users being unaware then just add something like the following below the <body> tag of your site ..

 

<noscript>
 <div style="margin: 1em; padding: 0.5em; font-size: 1em; background-color: #ffffdd; border: 1px solid #e5e5e5; color: #FF6600;">
   <p><strong>Javascript is disabled in your browser.</strong></p>
   <p>To use this site ( and most other shops on the internet ) this must be enabled.</p>
 </div>
</noscript>

 

 

Could you tell me exactly where I should put this info? (just file name)

Posted

The given code is a warning to visitors if their Javascript is turned off. I don't think it has anything to do with cookie usage (but I could be wrong). You would have to have different code, output by PHP, when the script determines that it is unable to create a cookie. Maybe someone knows off the top of their head where that would be.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...