Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.


Recommended Posts



I have installed the SagePay server v 1.2 module on oscommerce 2.3.3.


I am using the Server method when accessing SagePay.


I have a VPS hosted solution with it's own SSL certificate.


Everything works fine until I set FORCE_SESSION_COOKIES to true.


If it is set to true, the system returns the login page from the initial redirect.


I have ultimate SEO installed, but version 1.2 of the SagePay module contains code to work around the "&" to "amp" conversion problem documented elsewhere.


Switching SEO on/off makes no difference. Switching W3C URL's on/off makes no difference.



Can anyone point me in the direction of a fix or give some clues how to fix this.



Link to comment
Share on other sites



For anyone who may be interested, I finally managed to track down where this is going wrong.


in application_top.php, we have the following piece of code :-



if (!isset($HTTP_COOKIE_VARS['cookie_test'])) {

tep_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $cookie_path, $cookie_domain);


if (isset($HTTP_COOKIE_VARS['cookie_test']) {


$session_started = true;




when the SagePay Server was posting the callback this code was failing - ie the "cookie_test" cookie was not being found, even after an attempt to create it. Eventually, the login page was called.



I changed the second test to be :-


if ((isset($HTTP_COOKIE_VARS['cookie_test'])) || ($PHP_SELF=='checkout_process.php')) {


$session_started = true;



and the code works OK (it always had a valid oscid).


Checking the referrer is indeed the SagePay production server will make sure this only works for callbacks from that site.



If anyone can shed some light on why the setcookie fails, I would be interested to know.

Edited by IainMHamilton
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...