Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Questions about session settings.


hughesca

Recommended Posts

I've discovered that AOL users and IE 9 users are having difficulty with the login/checkout pages on OSC v2.3.1. I've found a fix searching here, however I'm trying to decide if the fix is worth it.

 

I am using SSL and here are my current settings:

 

Force Cookie Use = True

Check SSL Session ID = True

Check User Agent = True

Check IP Address = False

Prevent Spider Sessions = True

Recreate Session = True

 

Here is what they suggest to fix the AOL/IE9 issue:

 

Force Cookie Use = False

Check SSL Session ID = True

Check User Agent = False

Check IP Address = False

Prevent Spider Sessions = True

Recreate Sessions = True

 

Will turning off Force Cookie Use and Check User Agent cause any possible security issues or issues w/my SSL?

 

Much appreciated!

 

Peace,

Chris

Link to comment
Share on other sites

It is used to prevent sessions from being used by someone else. With prevent spiders set to true and a url rewriter properly installed, there isn't much reason for it, that I can see.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 1 month later...

In fact, in my opinion, one should never use the Force Cookies option.

 

Why is that?

 

I was playing around with some settings trying to get rid of my urls showing oscid and it seems that setting Force Cookie Use to True fixed it.

 

When it is set to true the oscid finally disappears from my urls.

Link to comment
Share on other sites

 

Why is that?

 

I was playing around with some settings trying to get rid of my urls showing oscid and it seems that setting Force Cookie Use to True fixed it.

 

When it is set to true the oscid finally disappears from my urls.

Yes, setting that option will "fix" the session problem since the session is used for that purpose any longer. The problem with force cookies is that if a customer doesn't have cookies enabled (yes, that happens), then they are presented with a message telling them they must enable them. When I run across a site that says I have to change my settings to use it, I leave. Perhaps your customers are different. If not, and you don't mind losing customers, then you should leave force cookies on. But if it matters to you, then it should be turned off and the configure file setup properly.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Yes, setting that option will "fix" the session problem since the session is used for that purpose any longer. The problem with force cookies is that if a customer doesn't have cookies enabled (yes, that happens), then they are presented with a message telling them they must enable them. When I run across a site that says I have to change my settings to use it, I leave. Perhaps your customers are different. If not, and you don't mind losing customers, then you should leave force cookies on. But if it matters to you, then it should be turned off and the configure file setup properly.

 

 

Ahh okay I see.

 

No I am the same way, I don't like things like that.

 

But I just can't seem to find out how to get rid of the oscid path.

 

I went through that link you recommended (about the configure files) but didn't see anything wrong there, unless I am still overlooking something. Someone else in that thread also asked about the oscid but nobody responded to him.

Link to comment
Share on other sites

Jack,

 

What is your recommendation for these session variables (other than cookie use) for the smoothest flow.

 

I have mine on my most used site set to

Force Cookie Use = False

Check SSL Session ID = False

Check user Agent = False

Check IP Address = False

Prevent Spider Sessions = True

Recreate Sessions = False

 

I'm not really sure which browsers do what with these (except the cookie one), or not sure how they affect the customer's experience. I hate to experiment to find out I am turning people away, or is it possible I already am?

Link to comment
Share on other sites

Jack,

 

What is your recommendation for these session variables (other than cookie use) for the smoothest flow.

 

I have mine on my most used site set to

Force Cookie Use = False

Check SSL Session ID = False

Check user Agent = False

Check IP Address = False

Prevent Spider Sessions = True

Recreate Sessions = False

 

I'm not really sure which browsers do what with these (except the cookie one), or not sure how they affect the customer's experience. I hate to experiment to find out I am turning people away, or is it possible I already am?

I recommend turning on Prevent Spiders and.Recreate Sessions. The others, except for Force Cookies, won't hurt to be on but are probably not necessary.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...