dahammer2 Posted June 6, 2003 Posted June 6, 2003 Hi I'm using the snapshot from 2 days ago. When proceding to the "Checkout_confirmation.php" page after selecting my desired payment gateway this page generates the form for posting to desired processor. the relevant code: echo tep_draw_form('checkout_confirmation', $form_action_url, 'post'); if (is_array($payment_modules->modules)) { echo $payment_modules->process_button(); } echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . '</form>' . "n"; Somehow a hidden field "oscSid" is added to this form even tho no where does the code spefically add it. If for instance I changed the above code to this <form > test <input type="hidden" name="bill" value="bob"> </form> the output would be like this <form ><input type="hidden" name="osCsid" value="2405fdf16da53f47f1563a6d43cfa1d7" /> test <input type="hidden" name="bill" value="bob"> </form> I did a test on my local win2k box and this doesn't occur so I imagine some apache/*nix magic is happening here. The problem is that some payment processors fallover if you send it exta post fields that it doesn't recognise. Can I turn this off for just this page/form?
Daemonj Posted June 8, 2003 Posted June 8, 2003 It is added from the process_button function in all of the payment modules. "Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein
dahammer2 Posted June 8, 2003 Author Posted June 8, 2003 It is added from the process_button function in all of the payment modules. I can't see how thats possible as in one example I don't even call that function. (plus I can't even see hte oscSid in the process button function) Its something added to all forms through out the whole site If i put this static html into the page <form > test <input type="hidden" name="bill" value="bob"> </form> I get this as the output <form ><input type="hidden" name="osCsid" value="2405fdf16da53f47f1563a6d43cfa1d7" /> test <input type="hidden" name="bill" value="bob"> </form> And only on apache/*nix versions. This suggests that there is some sort of session management in place and some sort of module that automatically writes the session id to forms. if you goto www.boeschcomputing.com.au/os/default.php you can see that all forms on every page has this oscSid. You can login as "[email protected]" password "12345" and goto the checkout and see I've removed the process button. But if you look at the html source u will see a dummy form as above. This is just a test site i whacked up to test it on a *nix machine, so don't worry about breaking anything.
Daemonj Posted June 8, 2003 Posted June 8, 2003 The tep_href_link function automatically adds the session in those cases. "Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein
dahammer2 Posted June 8, 2003 Author Posted June 8, 2003 My whole point is that I'm calling <b>no</b> functions I'm just inserting a static html form into any .php file which has the oscommerce includes. i.e. <form > test <input type="hidden" name="bill" value="bob"> </form> No functions are called, yet is still out puts the oscsid as ahidden form field. Obviously something is going on I'm unaware off but its not via the calling of one of the standard html output functions. Thanks Hamish
Daemonj Posted June 8, 2003 Posted June 8, 2003 Since osC disables use_trans_sid and you are not calling any functions, I do not see how the session id can be getting added. Just for grins, disable use_trans_sid in your php.ini and see if that does not help. "Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein
dahammer2 Posted June 8, 2003 Author Posted June 8, 2003 Ok Well, its on a shared hosting account so its not easy for me to edit the php.ini file. I tried turning it off via ini_set('session.use_trans_sid','0'); echo ini_get('session.use_trans_sid'); But it still tells me its enabled. But for the recored, this would be the problem you think?
Daemonj Posted June 8, 2003 Posted June 8, 2003 If use_trans_sid is enabled that is what is doing it. Since you are on a shared server, the easiest way to do this is to edit your public_html/.htaccess file and add: php_value session.use_trans_sid 0 Try that and see what happens. "Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein
goliathdrakken Posted April 16, 2008 Posted April 16, 2008 I'm having the same problem. However i tried adding php_value session.use_trans_sid 0 to my .htaccess file and i get a 500 error. Any other ideas?
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.