ryans1000
Posted March 4, 2003

I've been trying to solve this problem for quite some time now, I would really appreciate your help. It would make my month if I could get this fixed and continue on with setting up other things on my site. Please help!!!

I have a shared SSL setup. The problem is when I login, checkout etc. (anything on the secure server) I get logged out whenever I go back to the nonSSL/http side of things. I always get the "Welcome Guest" message. I've tried both STORE_SESSIONS by the default method and storing sessions through the database. I did verify that my database does receive the session information in it.

My http server is http://www.importevolution.com and my secure server is https://secured.com/~f1429 . I have the admin page set up on the http server at catalog/admin. The ssl and nonssl reside on physically separate servers. I'm using OSC2.2 daily release 01/28/03. Had this problem with no contribs installed. Tried the latest autologin contrib to see if it would help but it didn't. Feel free to view my site at http://www.importevolution.com/catalog

This is what my http and https catalog/configure.php files look like

<?php
// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.importevolution.com'); // eg, http://localhost - should not be NULL for productive servers
define('HTTPS_SERVER', 'https://www.securedpage.com/~f1429'); // eg, https://localhost - should not be NULL for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('DIR_WS_CATALOG', '/catalog/'); // absolute path required
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/'); // If "URL fopen wrappers" are enabled in PHP (which they are in the default configuration), this can be a URL instead of a local pathname
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');
define('DIR_FS_DOCUMENT_ROOT', '/usr/local/plesk/apache/vhosts/importevolution.com/httpdocs');
define('DIR_FS_CATALOG', '/usr/local/plesk/apache/vhosts/importevolution.com/httpdocs/catalog/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
define('DB_SERVER', 'importevolution.com'); // eg, localhost - should not be NULL for productive servers
define('DB_SERVER_USERNAME', 'xxx');
define('DB_SERVER_PASSWORD', 'xxx');
define('DB_DATABASE', 'ryans100');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

medisave
Posted March 4, 2003

Are you running Ian's Sid Killer?

Graham Wright

medisave
Posted March 4, 2003

Have you copied everything over to your secure area and set permissions - for a start images seem to be missing?

Graham Wright

ryans1000 (Author)
Posted March 4, 2003

The permissions are set correctly as far as I know, the images missing problem is because I have to manually upload images to the SSL side whenever I add a product. I need to copy them over yet. I've tried to fix the images problem but have come to the conclusion that when the ssl and nonssl parts of your site reside on physically separate servers, then OSC can't upload the images to the SSL side.

mugitty
Posted March 4, 2003

Ryan; My shared SSL setup is similar to yours and I've had running problems with it, too. You might try getting rid of the 'www' in the SSL server name. Make sure you change both catalog and admin configure files. If that doesn't help, try removing 'www' from the NONSSL server name. If that doesn't help, I'm out of ideas.

... if you want to REALLY see something that doesn't set up right out of the box without some tweaking, try being a Foster Parent!

ryans1000 (Author)
Posted March 4, 2003

mugitty: tried both your suggestions, no difference.

Code correction from above, my https is actually set to 'HTTPS_SERVER', 'https://secured.com/~f1429'. My host bought that domain so that was changed but I accidentally pasted an older code snippet above. Also, I have no contribs installed except autologin which I put on to try to fix this problem but it didn't fix it.

mouflon
Posted March 4, 2003

I do believe the problem here is that as soon as you move back and forth across servers, you are issued a new session id. Do you have your code duplicated on the two servers? If so, are both set to store the session in the database?

I recently ran into a similar situation (not an oscommerce site) where I had to pass the session information from one server to another in order for my authentication software to work properly. I stored the session information in the database rather than a file, then had the application on the second server reauthenticate the session id using the passed variable against the one stored in the database.

Unexpect the Expected

ryans1000 (Author)
Posted March 4, 2003

mouflon: I agree, the problem is probably the move back and forth across servers. The configure.php files are duplicated on both servers. Sessions are configured to store in the mysql database on both sides. I can even see that the session information does indeed get inserted into the 'session' table in the database! The 'osCsid' does get passed around in the url as you go from ssl to nonssl. Appears to use the same session id throughout. It seems to me like the 'osCsid' is there but osc won't or can't look it up in the database, but the session info is in fact in the database.

mouflon
Posted March 4, 2003

The problem is that php insists on issuing a new session id as soon as you move to the new server, even if it is being passed in the url. You will have to find a way to initialize the new session with old session information. I'll try and dig into my brain (and old code) and let you know how I did it, and whether it is applicable to oscommerce.

Jeff
Unexpect the Expected

simondj
Posted March 5, 2003

I've got the same problem, when leaving the secure server the session seems to be lost... but on returning to the secure server the session is picked up again... I've tried both writing sessions to /tmp directory and also to the database and neither of these resolve the problem. Please let me know if you manage to get a fix to this... then I can sleep again!

Best regs, Simon.

mouflon
Posted March 5, 2003

OK - here we go. This technique worked on a non-oscommerce site. I have not tested it with oscommerce, as I am not running my SSL server on a separate box.

First, create a new file - mysql_session.php - and put it in the includes/functions directory. It's a slight tweak from the code included in sessions.php, but this way you can test it without making any changes to the core code. Here's the code (change the variables as necessary). Make sure that the user defined has rights to access your database from the ssl server.

<?php
$SESS_DBHOST = "database.server.com";
$SESS_DBNAME = "osc_database";
$SESS_DBUSER = "db_username"; // IMPORTANT - make sure this user has access rights on database.server.com
$SESS_DBPASS = "db_password";
$SESS_DBH = "mysql";
$SESS_LIFE = get_cfg_var("session.gc_maxlifetime");

// Open a persistent connection to the shared session database
function sess_open($save_path, $session_name) {
  global $SESS_DBHOST, $SESS_DBNAME, $SESS_DBUSER, $SESS_DBPASS, $SESS_DBH;
  if (! $SESS_DBH = mysql_pconnect($SESS_DBHOST, $SESS_DBUSER, $SESS_DBPASS)) {
    echo "<li>Can't connect to $SESS_DBHOST as $SESS_DBUSER";
    echo "<li>MySQL Error: ", mysql_error();
    die;
  }
  if (! mysql_select_db($SESS_DBNAME, $SESS_DBH)) {
    echo "<li>Unable to select database $SESS_DBNAME";
    die;
  }
  return true;
}

function sess_close() {
  return true;
}

// Return the stored data for an unexpired session, or false if there is none
function sess_read($key) {
  global $SESS_DBH, $SESS_LIFE;
  // The key arrives from the URL (osCsid), so escape it before it goes into SQL
  $key = mysql_real_escape_string($key, $SESS_DBH);
  $qry = "SELECT value FROM sessions WHERE sesskey = '$key' AND expiry > " . time();
  $qid = mysql_query($qry, $SESS_DBH);
  if (list($value) = mysql_fetch_row($qid)) {
    return $value;
  }
  return false;
}

// Insert the session row; if it already exists, update it instead
function sess_write($key, $val) {
  global $SESS_DBH, $SESS_LIFE;
  $expiry = time() + $SESS_LIFE;
  $key = mysql_real_escape_string($key, $SESS_DBH);
  $value = addslashes($val);
  $qry = "INSERT INTO sessions VALUES ('$key', $expiry, '$value')";
  $qid = mysql_query($qry, $SESS_DBH);
  if (! $qid) {
    $qry = "UPDATE sessions SET expiry = $expiry, value = '$value' WHERE sesskey = '$key' AND expiry > " . time();
    $qid = mysql_query($qry, $SESS_DBH);
  }
  return $qid;
}

function sess_destroy($key) {
  global $SESS_DBH;
  $key = mysql_real_escape_string($key, $SESS_DBH);
  $qry = "DELETE FROM sessions WHERE sesskey = '$key'";
  $qid = mysql_query($qry, $SESS_DBH);
  return $qid;
}

// Remove expired sessions
function sess_gc($maxlifetime) {
  global $SESS_DBH;
  $qry = "DELETE FROM sessions WHERE expiry < " . time();
  $qid = mysql_query($qry, $SESS_DBH);
  return mysql_affected_rows($SESS_DBH);
}

session_set_save_handler(
  "sess_open",
  "sess_close",
  "sess_read",
  "sess_write",
  "sess_destroy",
  "sess_gc");
?>

Then in application_top.php change

// define how the session functions will be used
require(DIR_WS_FUNCTIONS . 'sessions.php');
tep_session_name('osCsid');

to

// define how the session functions will be used
require(DIR_WS_FUNCTIONS . 'mysql_session.php');
require(DIR_WS_FUNCTIONS . 'sessions.php');
tep_session_name('osCsid');

Note that if you are using PHP3, you'll probably have to include the file in application_top.php in the sequence around line 140.

Then turn off the flag telling oscommerce to use mysql for sessions as this new file will be taking care of that and will be invoked whenever there is a session call. Keep in mind that sessions are now always handled in the database, until it's proved working and can be moved into session.php.

If it works, let me know, and I'll look at integrating it into the code for you. Remember, this is completely untested in oscommerce, but at worst, it won't break anything, if it blows up, just remove the include from application_top.php.

Jeff
Unexpect the Expected
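
The shared-database session lookup discussed in this thread, written as an added example that is not part of any post and is not osCommerce code: the session ID received from the URL is format-checked and then passed as a bound parameter, so it never becomes part of the SQL text. It assumes PHP 7+ with PDO, uses an in-memory SQLite database in place of the shared MySQL server, and reuses the sessions (sesskey, expiry, value) layout from the handler above; the function names and sample values are hypothetical.

```php
<?php
// Added example, not from the thread or from osCommerce.
// Assumptions: PHP 7+ with PDO; in-memory SQLite stands in for the shared
// MySQL server; all sample values below are constructed.

function sess_id_is_valid(string $id): bool {
    // Only characters PHP allows in session IDs; rejects quotes and spaces.
    return preg_match('/^[A-Za-z0-9,-]{22,128}$/', $id) === 1;
}

function sess_read_shared(PDO $db, string $id, int $now): string {
    if (!sess_id_is_valid($id)) {
        return '';                       // malformed ID: behave as "no session"
    }
    // Bound parameters: the ID is sent as data, not spliced into the query.
    $stmt = $db->prepare(
        'SELECT value FROM sessions WHERE sesskey = ? AND expiry > ?');
    $stmt->execute([$id, $now]);
    $value = $stmt->fetchColumn();
    return $value === false ? '' : (string) $value;
}

function sess_write_shared(PDO $db, string $id, string $value, int $expiry): bool {
    if (!sess_id_is_valid($id)) {
        return false;
    }
    // Replace the row inside one transaction instead of INSERT-then-UPDATE.
    $db->beginTransaction();
    $db->prepare('DELETE FROM sessions WHERE sesskey = ?')->execute([$id]);
    $ok = $db->prepare(
        'INSERT INTO sessions (sesskey, expiry, value) VALUES (?, ?, ?)')
        ->execute([$id, $expiry, $value]);
    $db->commit();
    return $ok;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (sesskey TEXT PRIMARY KEY, expiry INTEGER, value TEXT)');

$now = 1046822400;                                  // constructed timestamp
$sid = '0123456789abcdef0123456789abcdef';          // constructed 32-char ID
sess_write_shared($db, $sid, 'customer_id|i:42;', $now + 1440);

var_dump(sess_read_shared($db, $sid, $now));        // valid ID, not expired
var_dump(sess_read_shared($db, "bad'id", $now));    // ID containing a quote
var_dump(sess_read_shared($db, $sid, $now + 2000)); // same ID after expiry
```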

mouflon
Posted March 5, 2003

I just noticed a little something I left out, but in the process, had a thought. I'm going to do a little playing around on one of my test sites, and post back here in a little while. I think it may be something much simpler..... So meanwhile, don't implement this code yet.

Unexpect the Expected

mouflon
Posted March 5, 2003

Well.... this doesn't blow up on my test site - but again remember, it's on the same server. Add to application_top.php, somewhere near the top:

$osCsid=$_GET['osCsid'];

Let me know if that works for you....

Jeff
Unexpect the Expected

ryans1000 (Author)
Posted March 6, 2003

Hmmm, nope the $osCsid=$_GET['osCsid']; didn't do anything for me.

This topic is now archived and is closed to further replies.