osCommerce

The e-commerce.

Order confirmation email link and force cookies


Patrick73


Posted

Order confirmation and order status updates send an email to the customer with a link to account_history_info.php, where customers access their order info. When I set force cookies to true, customers are not redirected to account_history_info after login but to the default index.php.

I have worked with this for a while and cleared browser cache and cookies and cannot find the cause.

In configuration-->sessions, I have recreate sessions to true.

Works fine with force cookies off.

Problem with ssl certificate??

Thanks,

Patrick

Posted

In configuration-->sessions, I have recreate sessions to true.

What happens if you turn on Force Cookies and turn off Recreate Sessions? Have you tried viewing the cookies before clicking the link, after clicking but before login, and after login to see how they change?

 

You also might consider posting your store URL. What are the _COOKIE_ settings from your includes/configure.php file?

 

If you post your includes/configure.php file, remember to remove the DIR_FS and DB entries.

Always back up before making changes.

Posted

Have you tried viewing the cookies before clicking the link, after clicking but before login, and after login to see how they change?

 

 

When I force cookies, there is an additional cookie called cookie_test that is added.

With Force cookies false, the oscid is added to the url and it changes after login but it is still in the url for the first 2 pages (clicks).

With force cookies to true, the oscid is not added to url and the oscid cookie value changes value after login!!!!

Both these situations with recreate sessions to true.

define('HTTP_SERVER', 'http://www.lavoliere.ca');
define('HTTPS_SERVER', 'https://www.lavoliere.ca');
define('ENABLE_SSL', true);
define('HTTP_COOKIE_DOMAIN', 'lavoliere.ca');
define('HTTPS_COOKIE_DOMAIN', 'lavoliere.ca');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
define('STORE_SESSIONS', 'mysql');

Thanks

Posted

Removing cookie_test from application top allows the email status update link to work, but I only did this for testing as it causes other login issues.

if (SESSION_FORCE_COOKIE_USE == 'True') {
  tep_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $cookie_path, $cookie_domain);

  if (isset($HTTP_COOKIE_VARS['cookie_test'])) {
    tep_session_start();
    $session_started = true;
  }

Any idea?

Posted

In includes/functions/html_output.php in the tep_href_link function, look for the following code:

// Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined
if ( ($add_session_id == true) && ($session_started == true) && (SESSION_FORCE_COOKIE_USE == 'False') ) {
  if (tep_not_null($SID)) {
    $_sid = $SID;
  } elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) {
    if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) {
      $_sid = tep_session_name() . '=' . tep_session_id();
    }
  }
}

and try changing it to

// Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined
if ( ($add_session_id == true) && ($session_started == true) ) {
  if (tep_not_null($SID)) {
    $_sid = $SID;
  } elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) {
    if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) {
      $_sid = tep_session_name() . '=' . tep_session_id();
    }
  }
}

One line changed (the second in the snippet). None added or removed. This will cause the session ID to appear in the URL. Does it also make things work?

 

Why do you need to recreate sessions? Does something not work if you don't? The changing cookie after login is expected if you recreate sessions -- that's what recreate sessions does. It gives you a new session ID.

Always back up before making changes.

Posted

Hey Matt,

 

Thanks for the efforts. I changed the code in html output with the same outcome (link not redirecting with force cookies on) but the oscid now being passed in the URL under ssl.

 

If I set recreate sessions to false, the cookie osCsid has the same value before and after log in, but again the link is redirected to default rather than account_history_info.

 

I have logged out of my store, set recreate sessions to false, cleared the sessions table in database, cleared cookies in browser and the link still redirects to index after login rather than account_history_info when force cookies are true.

 

This is probably not a configuration problem but a missed update/addons redirect that I've screwed somewhere.

 

What makes a link, under force cookies true, redirect to default instead of account_history_info???

Posted

I checked my apache error log and found this PHP Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in .../includes/functions/database.php on line 99, referer: https://www.lavoliere.ca/login.php

 

Which is the return line from this:

 

function tep_db_fetch_array($db_query) {
  return mysqli_fetch_array($db_query, MYSQLI_ASSOC);
}

Posted

In login.php there is:

 

if (sizeof($navigation->snapshot) > 0) {
  $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']);
  $navigation->clear_snapshot();
  tep_redirect($origin_href);
} else {
  tep_redirect(tep_href_link(FILENAME_DEFAULT));
}

that I modified to this for testing:

if (sizeof($navigation->snapshot) > 0) {
  $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']);
  $navigation->clear_snapshot();
  tep_redirect($origin_href);
} else {
  $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']);
  $navigation->clear_snapshot();
  tep_redirect($origin_href);
}

With force cookies set to true I get an "unable to determine page link error" in the browser at /login.php?action=process, which suggests that I have an error with $navigation->snapshot, right?

 

Any help appreciated.

Posted

print_r($_SESSION);

is the code to display the session data. I'm guessing that it doesn't have an entry for navigation -- not sure that that helps you though. The bigger question is why isn't the navigation object being persisted properly in the session data.

 

You may have to view the HTML source of the page to see the formatted output of the print_r. It's also possible that you'll have to exit before the redirect or comment out the redirect.

Always back up before making changes.

Posted

OK, Here's everything I could pull on the problem:

 

When a customer order is updated in admin/order.php, it sends an email to the customer with a link to view the order online at catalog/account_history_info.php. This is stock osCommerce operation.

When the customer clicks the link in the email, if he is not logged in, account_history_info.php redirects the customer to login.php with a snapshot:

if (!tep_session_is_registered('customer_id')) {
  $navigation->set_snapshot();
  tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
}

 

The snapshot is set in includes/classes/navigation_history.php:

 

function set_snapshot($page = '') {
  global $PHP_SELF, $HTTP_GET_VARS, $HTTP_POST_VARS, $request_type;

  if (is_array($page)) {
    $this->snapshot = array('page' => $page['page'],
                            'mode' => $page['mode'],
                            'get' => $this->filter_parameters($page['get']),
                            'post' => $this->filter_parameters($page['post']));
  } else {
    $this->snapshot = array('page' => basename($PHP_SELF),
                            'mode' => $request_type,
                            'get' => $this->filter_parameters($HTTP_GET_VARS),
                            'post' => $this->filter_parameters($HTTP_POST_VARS));
  }
}

 

Once the customer logs in, login.php redirects it to the snapshot account_history_info.php as it should, but if force cookies is set to true, it redirects to DEFAULT (index.php) instead, per this in login.php:

$cart->restore_contents();

if (sizeof($navigation->snapshot) > 0) {
  $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']);
  $navigation->clear_snapshot();
  tep_redirect($origin_href);
} else {
  tep_redirect(tep_href_link(FILENAME_DEFAULT));
}

 

Why is the snapshot $page not passed when cookies are forced?

 

html_output.php function for link:

 

function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
  global $request_type, $session_started, $SID;

  $page = tep_output_string($page);

Posted

Hi,

 

I don’t profess to be an expert or even know what I’m doing, but, assuming I understand your problem:

 

 

When ‘SESSION_FORCE_COOKIE_USE’ is set to true -

in application_top
tep_setcookie sends a cookie to the client
the presence of a cookie is then checked - if (isset($HTTP_COOKIE_VARS['cookie_test']))

On the very first page load a cookie is sent.
Once the cookies have been set, they can be accessed on the next page load, therefore the session is not started on page 1 load.

If, after clicking on your link you log off and come right out, then click the link again, you will probably go to the correct page after log in because the cookies will still be present.

Two ways that may overcome the problem (neither is particularly elegant but may be fit for purpose) -

Option 1) In application top change line (161ish in virgin 2.3.3.4) to start the session

from

if (isset($HTTP_COOKIE_VARS['cookie_test'])) {

to

if (isset($HTTP_COOKIE_VARS['cookie_test']) or $PHP_SELF == FILENAME_ACCOUNT_HISTORY_INFO) {

or

Option 2) In account_history_info.php
after line (13ish) require('includes/application_top.php');
before line (15ish) if (!tep_session_is_registered('customer_id')) {

add

if (sizeof($_SESSION)==0) {tep_session_start();$_SESSION['navigation'] = $navigation;}

If the user won’t accept cookies, the cookie_usage.php seems to be called in both cases.

 

If either option serves your purpose, don’t get too excited, someone with more knowledge may shoot both down in flames. It would be good if either/both options could be confirmed by someone that knows what they’re talking about.

 

Hopefully there will be no issues with the oscid not being set or going walkabout, or with anything else SESSION related (it should be fine if the user logs out again, but if they stay on site?)?
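
The first-request behaviour described in the post above, as an added PHP model that is not part of the thread and is not osCommerce code. It shows why a snapshot set before the test cookie has come back is never saved; `handle_request()`, `click_email_link()`, the `$cookies` jar, the `$store` session table and the `$startOnLinkPage` switch (standing in for Option 1) are hypothetical names, and the non-forced case is simplified to carry the session ID in a cookie rather than the URL.

```php
<?php
// Added model of the Force Cookie Use handshake; every name is a stand-in, not osCommerce code.
function handle_request(string $page, array &$cookies, array &$store, bool $force, bool $startOnLinkPage): string
{
    $sessionStarted = !$force;                 // without Force Cookie Use the session always starts
    if ($force) {
        $hadTestCookie = isset($cookies['cookie_test']);        // what the browser sent
        $cookies['cookie_test'] = 'please_accept_for_session';  // set in the response
        // Stock rule: start only if the test cookie came back. Option 1 adds the page exception.
        $sessionStarted = $hadTestCookie
            || ($startOnLinkPage && $page === 'account_history_info.php');
    }
    $session = [];
    if ($sessionStarted) {
        if (!isset($cookies['osCsid'])) {
            $cookies['osCsid'] = bin2hex(random_bytes(8));
        }
        $session = $store[$cookies['osCsid']] ?? [];
    }

    if ($page === 'account_history_info.php' && empty($session['customer_id'])) {
        $session['snapshot'] = $page;          // set_snapshot(), then redirect to login
        $next = 'login.php';
    } elseif ($page === 'login.php?action=process') {
        $session['customer_id'] = 1;           // constructed customer
        $next = $session['snapshot'] ?? 'index.php';
        unset($session['snapshot']);           // clear_snapshot()
    } else {
        $next = $page;
    }

    if ($sessionStarted) {
        $store[$cookies['osCsid']] = $session; // nothing is saved when no session was started
    }
    return $next;
}

function click_email_link(bool $force, bool $startOnLinkPage): string
{
    $cookies = [];                             // fresh browser
    $store = [];                               // empty sessions table
    $next = handle_request('account_history_info.php', $cookies, $store, $force, $startOnLinkPage);
    handle_request($next, $cookies, $store, $force, $startOnLinkPage);   // login form is displayed
    return handle_request('login.php?action=process', $cookies, $store, $force, $startOnLinkPage);
}

foreach ([[false, false], [true, false], [true, true]] as [$force, $fix]) {
    printf("force=%s option1=%s -> %s\n", var_export($force, true), var_export($fix, true), click_email_link($force, $fix));
}
```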

Posted

Hey Jimbo,

 

I opted for your option # 2 since it is the only link that I could think that we send customers where they need to log in before viewing the page.

 

The link redirects properly and a first session is registered in the database table with value: navigation|O:17:"navigationHistory":2:{s:4:"path" and a 2nd session after login.

 

When checking admin/whos_online.php, 2 entries are created and both time out and delete. Recreate session is set to true, so my guess is that everything is fine.

 

If cookies are disabled in browser, it redirects to cookie_usage.php as it should.

 

Thanks a lot, will post problems if I see any in the next days.

 

Patrick

Archived

This topic is now archived and is closed to further replies.
