Session ID...


arse_soul

this is taken from the security proposal for ms2.2

 

It is agreed that the session ID has privacy and security related issues when it is attached to the url, so by default osCommerce should be configured to be used only with browsers that have cookies enabled to prevent the session ID from appearing on the url at all.

 

so why with a fresh installation of ms2.2 i still see the osCsid in the address bar???

 

is there something i've missed???

---

i see the session id continuously when browsing the store...

 

i checked out the demo site for ms2.2 that you posted and it seems that i do not have a problem with seeing the session id like i do when i test my osc setup on my localhost. but still no idea what is up! it seems that numerous amounts of people are having similar problems with the new ms2.2 setup!

---

I am now storing my sessions in the database, but the session id is still appended for the first link, then it disappears after that. I am quickly starting to hate sessions and cookies. I tried storing the cookies as a file and I was getting a session_start(): read error. I have no idea what that means. Probably an error writing the cookie to the server.

---

i also have a June snapshot of osc set up and that seems to work as the security proposal intended and since ms2.2 was released in early July the session id issue must have risen between this short space of time!

---

Maybe I am blind, but I don't seem to have the Session menu in my admin. I looked 10 times under Configuration, but can't find a submenu for sessions. I see My Store, Min/Max, Images, Cust Details, Shipping, Prod List, Stock, Logging, Cache, email, download and zip. I looked under tools as well and can't find it. I have been trying manual edits to the config.php.

 

Do you know if session.auto_start is turned on for your server? I have it turned off and I am wondering if that is the problem. I thought I needed it to be turned off.

---

your sessions section should be in the configuration bit of the admin.... weird... :? ... what version of osc are you using???

 

and i checked and currently my session.auto_start is turned off

---

I downloaded M2, the day after it came out. I had MS1 and had heavily modified it, but I really wanted M2. So I stopped work on MS1 and waited for MS2. The session thing is the whole reason I downloaded MS2. I am now wondering if I should just go back to the old version. I had added the security proposal mods and that seemed to work. I will try through the weekend, and if I can't get this thing working, I will just go back to MS1.

---

on further investigation it also seems that live stores running the osc2.2 ms2 setup are also having similar problems. some stores seem to have the sessions working while on other stores the session id is visible constantly!!! but still no reason/solution!!!

---

On my set up the session id is visible on first load and not again after that.

 

I also wonder if it has anything to do with the PHP version? It appears that php 4.2 is messing up my tables and coincidentally this mess up also occurs only when the session id is present in the url, so I wonder?? If php 4.2 might be the problem. What version of php are you running on?

---

i found that if you use one of the daily snapshots the problem of the session id appearing in the url is no longer there!!! :) rather than if you download from the main ms2.2 section (where i previously did)...

 

just a thought (although this shouldn't be the case!!!)

---

I finally figured out my problem over the weekend. I was not seeing the Sessions menu in the Admin tool. I think it was related to my database tables. I did not install the sample stuff. I made a back up of my old db and then had the install do a fresh install of the db. I finally saw the Sessions menu and found all the settings I needed. Hope that helps. Works great now!

---

what types of settings did you change? I just uploaded the latest snapshot and I still get the session id in the url on the first load. It goes away after that.

---

Archived

This topic is now archived and is closed to further replies.
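
The posts above report osCsid showing up in store URLs, in some cases only on the first page load. As an added example (not part of the thread and not osCommerce code), this Python check scans a rendered page for links, form actions and resource URLs that carry the session ID and marks the ones that hand it to another host; the host names and the HTML samples are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

SESSION_PARAM = "osCsid"  # parameter name as it appears in this thread


class _LinkCollector(HTMLParser):
    """Collect every URL-bearing attribute from a rendered page."""
    URL_ATTRS = {"href", "src", "action"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                self.urls.append((tag, value))


def find_session_leaks(html, store_host):
    """Return (tag, url, kind) for each URL that carries the session ID.

    kind is "external" when the URL points at another host, else "internal".
    """
    collector = _LinkCollector()
    collector.feed(html)  # HTMLParser unescapes &amp; in attribute values
    leaks = []
    for tag, url in collector.urls:
        parts = urlsplit(url)
        if SESSION_PARAM not in parse_qs(parts.query):
            continue
        host = parts.hostname or store_host  # relative URL: the store itself
        kind = "internal" if host == store_host else "external"
        leaks.append((tag, url, kind))
    return leaks


# Constructed samples: a page with the ID in its links, and one without.
FIRST_LOAD = """
<a href="http://shop.example/index.php?cPath=1&amp;osCsid=0123456789abcdef">Hardware</a>
<form action="login.php?osCsid=0123456789abcdef" method="post"></form>
<a href="http://partner.example/?ref=shop&amp;osCsid=0123456789abcdef">Partner</a>
<img src="images/logo.gif">
"""
LATER_LOAD = '<a href="http://shop.example/index.php?cPath=1">Hardware</a>'

if __name__ == "__main__":
    for tag, url, kind in find_session_leaks(FIRST_LOAD, "shop.example"):
        print(f"{kind:8} <{tag}> {url}")
```

Running it against the saved HTML of a store's first page view and of a later page view shows whether the ID is confined to the first response or present throughout.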
