Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

New cookie path settings in configure.php?


GD

Recommended Posts

Hey guys n' gals I need your help,

 

Here's the code below - from my new catalog/includes/configure.php.

 

What I need to know is, what should I enter into the new cookie path "define" lines!

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.yourdomain.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTPS_SERVER', 'https://www.yourdomain.com');

define('ENABLE_SSL', 'true'); // secure webserver for catalog

define('DIR_FS_DOCUMENT_ROOT', '/home/user_name/public_html'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

define('DIR_WS_CATALOG', '/catalog/'); // absolute path required

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG_IMAGES);

define('HTTP_COOKIE_DOMAIN', 'http://www.yourdomain.com');

define('HTTPS_COOKIE_DOMAIN', 'https://www.yourdomain.com');

define('HTTP_COOKIE_PATH', ''); <--Here?

define('HTTPS_COOKIE_PATH', ''); <--Here?

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

Thanks!

Running osC - 2.2MS2. P.S. Please don't ask for a link to my site, it is on a production server and not available for the general public, yet!

Link to comment
Share on other sites

Okay somebody out there,

 

 

Is this correct :?:  

 

define('HTTP_COOKIE_DOMAIN', 'http://www.yourdomain.com');  

define('HTTPS_COOKIE_DOMAIN', 'https://www.yourdomain.com');  

define('HTTP_COOKIE_PATH', '/home/user_name/public_html');  

define('HTTPS_COOKIE_PATH', '/home/user_name/public_html');

 

Or is this correct :?:  

 

define('HTTP_COOKIE_DOMAIN', 'http://www.yourdomain.com');  

define('HTTPS_COOKIE_DOMAIN', 'https://www.yourdomain.com');  

define('HTTP_COOKIE_PATH', '/');  

define('HTTPS_COOKIE_PATH', '/');

 

Thanks!

Running osC - 2.2MS2. P.S. Please don't ask for a link to my site, it is on a production server and not available for the general public, yet!

Link to comment
Share on other sites

Wow - no response :?:

 

All the original osC-loyalist must be off making lots of money or just having a long weekend vacation.

 

Good for them, bad for us. :wink:

 

This small step must have every new osC user baffled, as I haven't heard from anyone new or usually reliable for help.

 

--end of vent--

 

Help, anyone using the latest version of osCommerce CVS 2.2 with these new enteries (see my post above) added and currently working in their' catalog/includes/configure.php.

 

Thanks!

Running osC - 2.2MS2. P.S. Please don't ask for a link to my site, it is on a production server and not available for the general public, yet!

Link to comment
Share on other sites

I had a problem with cookies as well, I couldn't check-out.

 

It seems to me the setup for cookie should be root server.

In my case it is "/"

'HTTP_COOKE_PATH', '/')

 

I think the reason my cookie setting wasn't working as the path was /catalog/

 

Joseph

#Joseph

Link to comment
Share on other sites

I have configure.php defined as below:

 

define('HTTP_COOKIE_DOMAIN', 'yourdomain.com');

define('HTTPS_COOKIE_DOMAIN', 'yourdomain.com');

define('HTTP_COOKIE_PATH', '/'); <--Here?

define('HTTPS_COOKIE_PATH', '/'); <--Here?

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

This server works fine as it should because this addition was made principly for shared servers because:

 

I also have another website which uses a shared server and wildcard ssl cert. I have not been able to pass the non-secure cookie information to the secure cookie with any of the following configurations. The two cookies issued are seperate and the secure cookie drops the information stored on the non secure cookie. What I have is as follows:

 

define('HTTP_COOKIE_DOMAIN', 'yourdomain.com');

define('HTTPS_COOKIE_DOMAIN', 'wildcardssl.yoursecuredomain.com');

define('HTTP_COOKIE_PATH', '/'); <--Here?

define('HTTPS_COOKIE_PATH', '/www/sitename/'); <--Here?

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

have also tried:

 

define('HTTP_COOKIE_DOMAIN', 'yourdomain.com');

define('HTTPS_COOKIE_DOMAIN', 'wildcardssl.yoursecuredomain.com');

define('HTTP_COOKIE_PATH', '/'); <--Here?

define('HTTPS_COOKIE_PATH', '/'); <--Here?

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

to no avail, was there further documentation outlining the process to properly configure shared servers that I am unaware of? I'd appreciate any help in this matter as well.

 

Thank you

Link to comment
Share on other sites

Look for posting made by Harald in Development Forum

 

Subject: Security Proposal

Author: hpdl

 

He explain how the Cookie suppose to work, posting made Jan 18

Hope this helps.

 

Joseph

#Joseph

Link to comment
Share on other sites

Okay syscon and winterradio,

 

So what you two were saying was, because I have my own hosted server and private SSL Certificate for my domain...

 

I should use:

 

define('HTTP_COOKIE_DOMAIN', 'http://www.yourdomain.com');

define('HTTPS_COOKIE_DOMAIN', 'https://www.yourdomain.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

 

Because this setting sets the top level directory from which a cookie can be read. Setting the path of a cookie to the top-level directory "root" of my Web pages, and the cookie is readable by all my Web pages.

 

Correct :?:

 

syscon

 

And I did look at the post made by Harald in Development Forum, but it did not state the path settings.

 

Thanks!

Running osC - 2.2MS2. P.S. Please don't ask for a link to my site, it is on a production server and not available for the general public, yet!

Link to comment
Share on other sites

The path should be the root server I think, this setting works for us.

 

Thanks syscon,

 

I'll use the "/" setting then. 8)

Running osC - 2.2MS2. P.S. Please don't ask for a link to my site, it is on a production server and not available for the general public, yet!

Link to comment
Share on other sites

I am experiencing the same problem as winterradio with my shared ssl server. No matter how I configure the cookie domains and cookie paths I receive the No Cookie usage error page when I switch from an http to an https page.

 

Unfortunately I have to use the force cookie usage flag because my provider has php 4.2.3 installed which has a bug. This bug's only workaround is the force cookie usage flag :( Catch22

 

Any help is appreciated.

 

Marc

Link to comment
Share on other sites

  • 2 years later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...