brudan Posted November 18, 2013 Posted November 18, 2013 I am having problems with my site. When someone tries to login to their account they get these errors Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home2/brudan/public_html/catalog/includes/languages/english/login.php:2) in /home2/brudan/public_html/catalog/includes/functions/sessions.php on line 102 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home2/brudan/public_html/catalog/includes/languages/english/login.php:2) in /home2/brudan/public_html/catalog/includes/functions/sessions.php on line 102 Warning: Cannot modify header information - headers already sent by (output started at /home2/brudan/public_html/catalog/includes/languages/english/login.php:2) in/home2/brudan/public_html/catalog/includes/functions/general.php on line 45 Can anyone help me out here? Also... why does my address bar only show bslales.com and not http.. etc...? And because of the theme i have installed and other addons my SSL cert is not working correctly.. is this a problem with OSCommerce? I know.. alot of questions.. sorry..
brudan Posted November 19, 2013 Author Posted November 19, 2013 Ok.. hostgator support had me add some code to my htaccess and it worked but my admin part of the site is not working with the htaccess enabled. It looks like oscommerce is setup for SSL . Anyone know how to secure my site and unsecure the admin area? Can I move the admin area out of the main site? If so.. how? Anyone have any ideas?
MrPhil Posted November 19, 2013 Posted November 19, 2013 Take out the stuff from .htaccess. The place to start is to find out why you get the first "Cannot send session cookie" message. That usually means that something is sending output to the browser too early, before all the HTTP header stuff has been completed. The error message says that the offending file is in or about line 2 of /catalog/includes/languages/english/login.php. Check there and see what it's writing to the browser. Compare it against a browser "View Page Source" and see if there is a stray blank or Byte Order Mark being sent (the latter is common in UTF-8 language files). See if even you've been hacked and someone added unauthorized code to login.php! By the way, what osC version are you running? If it's 2.2, there are a LOT of security patches you need to apply, pronto. There are also many fixes to permit recent PHP versions. You'd be best off migrating to 2.3.3.4.
brudan Posted November 19, 2013 Author Posted November 19, 2013 Thank you MrPhil. I found the problem to the login and its working now. I am running 2.3.1 as of now. I was going to use 2.3.3.4 but the addons I wanted to use don't work in there yet. I am not the best at coding so I don't know how to modify them. I still have the problem of not being able to access my admin site while the SSL is active. I can block SSL access to the site and it works fine but when I unblock SSL i can't get my admin to work. I log in and it gives me a 404 error. Any ideas on this? Also, I have some affiliate programs I am part of and the links to those are not working with SSL turned on. Is there a way around this? Again.. thank you for your help.
MrPhil Posted November 20, 2013 Posted November 20, 2013 My understanding is that most add-ons that work for 2.3.1 will work for 2.3.3.4. Maybe if you listed them (here or in a new thread), people familiar with them could chime in and tell you if they work unmodified, need a little work, or aren't worth the effort. When you say "SSL turned on", are you saying "with https: protocol", or something else? Have you checked what your SSL certificate (private, I presume) is issued for -- the www. or non-www. form of your domain? One usually won't work with the other, so make sure everything's consistent.
brudan Posted November 21, 2013 Author Posted November 21, 2013 I should have elaborated. Hostgator gave me a code, for my htaccess, to force all my pages to show the HTTPS. When I have that working and all my pages show the https in the address, the admin site won't work and neither will the affiliate links that I have. When the site doesn't show the https everything works fine and the only time https shows is when its on a page that requires customer input. I would rather have the https showing at all times so my customers see that its secure from the start. But as long as their information is encrypted that is all that really matters. The company I got the SSL from coded it to work with both the www and without. The addons I am really needing is the Easy Populate and SEO headers. the others are just for looks mainly. I see a new Easy Pop that is supposed to work on 2.3.3.4 also. I am looking at that. I am going to keep the one I have for now, because i have a theme for the holidays that I like and not sure I can make it work for 2.3.3.4. Still learning all this stuff and don't want to get to deep as of yet. Again.. thank you.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.