GD Posted July 11, 2003 Share Posted July 11, 2003 Hey guys n' gals I need your help, Here's the code below - from my new catalog/includes/configure.php. What I need to know is, what should I enter into the new cookie path "define" lines! // Define the webserver and path parameters// * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.yourdomain.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers define('HTTPS_SERVER', 'https://www.yourdomain.com'); define('ENABLE_SSL', 'true'); // secure webserver for catalog define('DIR_FS_DOCUMENT_ROOT', '/home/user_name/public_html'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs) define('DIR_WS_CATALOG', '/catalog/'); // absolute path required define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG); define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG_IMAGES); define('HTTP_COOKIE_DOMAIN', 'http://www.yourdomain.com'); define('HTTPS_COOKIE_DOMAIN', 'https://www.yourdomain.com'); define('HTTP_COOKIE_PATH', ''); <--Here? define('HTTPS_COOKIE_PATH', ''); <--Here? define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); Thanks! Running osC - 2.2MS2. P.S. Please don't ask for a link to my site, it is on a production server and not available for the general public, yet! Link to comment Share on other sites More sharing options...
GD Posted July 13, 2003 Author Share Posted July 13, 2003 Okay somebody out there, Is this correct :?: define('HTTP_COOKIE_DOMAIN', 'http://www.yourdomain.com'); define('HTTPS_COOKIE_DOMAIN', 'https://www.yourdomain.com'); define('HTTP_COOKIE_PATH', '/home/user_name/public_html'); define('HTTPS_COOKIE_PATH', '/home/user_name/public_html'); Or is this correct :?: define('HTTP_COOKIE_DOMAIN', 'http://www.yourdomain.com'); define('HTTPS_COOKIE_DOMAIN', 'https://www.yourdomain.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); Thanks! Running osC - 2.2MS2. P.S. Please don't ask for a link to my site, it is on a production server and not available for the general public, yet! Link to comment Share on other sites More sharing options...
GD Posted July 14, 2003 Author Share Posted July 14, 2003 Wow - no response :?: All the original osC-loyalist must be off making lots of money or just having a long weekend vacation. Good for them, bad for us. :wink: This small step must have every new osC user baffled, as I haven't heard from anyone new or usually reliable for help. --end of vent-- Help, anyone using the latest version of osCommerce CVS 2.2 with these new enteries (see my post above) added and currently working in their' catalog/includes/configure.php. Thanks! Running osC - 2.2MS2. P.S. Please don't ask for a link to my site, it is on a production server and not available for the general public, yet! Link to comment Share on other sites More sharing options...
syscon Posted July 14, 2003 Share Posted July 14, 2003 I had a problem with cookies as well, I couldn't check-out. It seems to me the setup for cookie should be root server. In my case it is "/" 'HTTP_COOKE_PATH', '/') I think the reason my cookie setting wasn't working as the path was /catalog/ Joseph #Joseph Link to comment Share on other sites More sharing options...
winterradio Posted July 14, 2003 Share Posted July 14, 2003 I have configure.php defined as below: define('HTTP_COOKIE_DOMAIN', 'yourdomain.com'); define('HTTPS_COOKIE_DOMAIN', 'yourdomain.com'); define('HTTP_COOKIE_PATH', '/'); <--Here? define('HTTPS_COOKIE_PATH', '/'); <--Here? define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); This server works fine as it should because this addition was made principly for shared servers because: I also have another website which uses a shared server and wildcard ssl cert. I have not been able to pass the non-secure cookie information to the secure cookie with any of the following configurations. The two cookies issued are seperate and the secure cookie drops the information stored on the non secure cookie. What I have is as follows: define('HTTP_COOKIE_DOMAIN', 'yourdomain.com'); define('HTTPS_COOKIE_DOMAIN', 'wildcardssl.yoursecuredomain.com'); define('HTTP_COOKIE_PATH', '/'); <--Here? define('HTTPS_COOKIE_PATH', '/www/sitename/'); <--Here? define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); have also tried: define('HTTP_COOKIE_DOMAIN', 'yourdomain.com'); define('HTTPS_COOKIE_DOMAIN', 'wildcardssl.yoursecuredomain.com'); define('HTTP_COOKIE_PATH', '/'); <--Here? define('HTTPS_COOKIE_PATH', '/'); <--Here? define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); to no avail, was there further documentation outlining the process to properly configure shared servers that I am unaware of? I'd appreciate any help in this matter as well. Thank you Link to comment Share on other sites More sharing options...
syscon Posted July 14, 2003 Share Posted July 14, 2003 Look for posting made by Harald in Development Forum Subject: Security Proposal Author: hpdl He explain how the Cookie suppose to work, posting made Jan 18 Hope this helps. Joseph #Joseph Link to comment Share on other sites More sharing options...
GD Posted July 15, 2003 Author Share Posted July 15, 2003 Okay syscon and winterradio, So what you two were saying was, because I have my own hosted server and private SSL Certificate for my domain... I should use: define('HTTP_COOKIE_DOMAIN', 'http://www.yourdomain.com'); define('HTTPS_COOKIE_DOMAIN', 'https://www.yourdomain.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); Because this setting sets the top level directory from which a cookie can be read. Setting the path of a cookie to the top-level directory "root" of my Web pages, and the cookie is readable by all my Web pages. Correct :?: syscon And I did look at the post made by Harald in Development Forum, but it did not state the path settings. Thanks! Running osC - 2.2MS2. P.S. Please don't ask for a link to my site, it is on a production server and not available for the general public, yet! Link to comment Share on other sites More sharing options...
syscon Posted July 15, 2003 Share Posted July 15, 2003 We host our own domain as well and have a certificate as well. The path should be the root server I think, this setting works for us. Joseph #Joseph Link to comment Share on other sites More sharing options...
GD Posted July 15, 2003 Author Share Posted July 15, 2003 The path should be the root server I think, this setting works for us. Thanks syscon, I'll use the "/" setting then. 8) Running osC - 2.2MS2. P.S. Please don't ask for a link to my site, it is on a production server and not available for the general public, yet! Link to comment Share on other sites More sharing options...
marcgaston Posted July 22, 2003 Share Posted July 22, 2003 I am experiencing the same problem as winterradio with my shared ssl server. No matter how I configure the cookie domains and cookie paths I receive the No Cookie usage error page when I switch from an http to an https page. Unfortunately I have to use the force cookie usage flag because my provider has php 4.2.3 installed which has a bug. This bug's only workaround is the force cookie usage flag :( Catch22 Any help is appreciated. Marc Link to comment Share on other sites More sharing options...
AllenConquest Posted July 28, 2005 Share Posted July 28, 2005 Did anyone sort out the configuration for using cookies between a normal domain and a https domain on a shared certificate site ? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.