Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Cookies? OSC2 M2.2


lanesharon

Recommended Posts

I have tried setting cookies on in ADMIN. I set Cookies to true, and Prevent Spider Sessions to true. Then I went to my store and started to do something and as soon as I went into a redirect, I got sent to the page of my store that gives the 'discussion' on cookies. I have IE 6, with cookies set to a medium status. I am concerned that if that happens in that particular circumstance, then it will happen constantly for my customers. If someone knows a quick fix, please let me know.

 

I am new to this world, so forgive my naivity. Here is the million dollar question. What does cookies do in OSCommerce that you feel helps your business? What types of information and how do you use it? I will take this question to a different forum if you tell me it is inappropriate for this one.

 

Thanks and take care, Sharon

Link to comment
Share on other sites

Without cookies, you need the links (the http://...) to include something that identifies the customer. Otherwise, you have no real way of telling who is asking for the page (IP is helpful but not sufficient). The standard is to use a unique 32 character session ID. Unfortunately, if someone finds out the customer's session ID, they can hijack their session and add their own products to the cart. Even worse, search engines sometimes include the session ID in their results. In which case, all the people who use that link are sharing a session and adding/subtracting from the same cart.

 

There are various work arounds, but cookies are the most effective (since they don't provide session IDs in the URLs at all).

 

Hth,

Matt

Link to comment
Share on other sites

Then could you answer one other question? With my cookies set to "medium" on IE6, and my cookies set to "True" for "Force Cookie USE" on OSCommerce (2 2.2)"; why do I get redirected to the cookies screen on my store and told to turn on my cookies. Since that is the standard default for IE, I would think this would happen to most people.

 

An aside to this whole thing. The wording on that cookies page of the OSCommerce store says:

"For Internet Explorer browsers, please follow these instructions:

 

Click on the Tools menubar, and select Internet Options

Select the Security tab, and reset the security level to Medium"

 

That is not true on IE6. The tab to click is the Privacy tab, not the Security tab.

 

Am I totally misunderstanding the use of cookies on OSCommerce? Do I HAVE to have the cookies set to Force? Or are cookies normally set even without the Force set to True?

 

Thanks for replying and take care, Sharon

Link to comment
Share on other sites

A side issue is the question of the correctness of the cookie. Is the cookie domain in your configure.php set correctly? I think that you can look at the cookie if you set your cookies to prompt (Tools :arrow: Internet Options :arrow: Privacy :arrow: Advanced :arrow: Override Automatic Cookie Handling :arrow: Prompt) and go somewhere that requests to add the cookie. When it prompts you, it should offer you the chance to look at the cookie information and see if it is correct.

 

Hth,

Matt

Link to comment
Share on other sites

I changed session cookies to forced, then went made the changes to my browser that you suggested. I did not get a prompt for cookies, I just got the OSC cookies usage message:

We have detected that your browser does not support cookies, or has set cookies to be disabled, blah, blah, blah.......

 

Oddly enough I left the session forced cookies on in ADMIN and then went to my browser and said allow all cookies. Then tried to do the sign in routine again and got the same cookie usage message.

 

Am I NOT supposed to set "force cookie use" to TRUE in ADMIN??

 

I am lost on cookie usage. Can someone answer this for me?

 

Thanks and take care, Sharon

Link to comment
Share on other sites

Is this site publicly available that I could look at it? Force cookie use true is the correct setting and should work. I'm a little confused about how you are getting the behavior you describe and would like to try to duplicate it.

 

Thanks,

Matt

Link to comment
Share on other sites

Hi, I am the lady who has been writing about the cookies on my OSC website. I have been working on the website, so I turned the cookies off because I couldn't get anywhere on my testing. Tonight I am turning it back to force and spider sessions to TRUE. I will leave it that way for a while tomorrow morning in the hope that you can try it yourself.

 

I have IE 6.0.2600, with Privacy set to Medium. Try to go to the login screen and see what happens for you. That is when I am immediately redirected to the cookies usage page. The site is uptowngoodies.com Thank you for taking the time to answer me and help me out.

Take Care, Sharon

Link to comment
Share on other sites

Something is definitely not right... It's not even querying for a cookie. Check php.ini for the following:

; Whether to use cookies.

session.use_cookies = 1

Hth,

Matt

Link to comment
Share on other sites

I got it. I started poking around when you mentioned php.ini. My newbie reasoning was that the configure.php files seem to set everything up. I did a little changing, testing, ditto stuff and voila. For those of your watching this thread, I fixed my constant going to the cookies usage screen by changing my catalog/include/configure.php file. If you use this change the word mine to your website name, me to your server name, password to your password, and mydb to your oscommerce database.

 

Seems to be working now, but could you tell me if these cookies are stored anywhere. If so, where? Thanks for all your help ii. Take Care, Sharon

 

<?php

/*

$Id: configure.php,v 1.14 2003/07/09 01:15:48 hpdl Exp $

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

Copyright © 2003 osCommerce

Released under the GNU General Public License

*/

// CATALOG configure for MyWebsite

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.mine.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.mine.com/catalog/');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');

define('DIR_FS_DOCUMENT_ROOT', '/home/sharon/public_html');

define('DIR_FS_CATALOG', '/home/me/public_html/catalog/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', 'me');

define('DB_SERVER_PASSWORD', 'password');

define('DB_DATABASE', 'mydb');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

Link to comment
Share on other sites

OOPs, I screwed up on one thing. Didn't effect me on my server, but it may effect you on yours. Here is the catalog/includes/configure.php

 

<?php

/*

$Id: configure.php,v 1.14 2003/07/09 01:15:48 hpdl Exp $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

// CATALOG configure for My Website

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.mine.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'http://www.mine.com/catalog/');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');

define('DIR_FS_DOCUMENT_ROOT', '/home/me/public_html');

define('DIR_FS_CATALOG', '/home/me/public_html/catalog/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', 'me');

define('DB_SERVER_PASSWORD', 'password');

define('DB_DATABASE', 'myoscdb');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

Link to comment
Share on other sites

Mind if we continue this thread? I must be missing something on my cookie domain settings. SSL is on, everything seems to go fine with sessions, but with cookies on customer login continues to go to the cookie info page.

 

/ Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

 define('HTTP_SERVER', 'http://www.mysite.com'); // eg, http://localhost - should not be empty for productive servers

 define('HTTPS_SERVER', 'https://host85.ipowerweb.com/~myname'); // eg, https://localhost - should not be empty for productive servers

 define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 define('HTTP_COOKIE_DOMAIN', 'http://www.mysite.com/catalog/');

 define('HTTPS_COOKIE_DOMAIN', 'https://host85.ipowerweb.com/~myname/catalog/');

 define('HTTP_COOKIE_PATH', '/catalog/');

 define('HTTPS_COOKIE_PATH', '/catalog/');

 define('DIR_WS_HTTP_CATALOG', '/catalog/');

 define('DIR_WS_HTTPS_CATALOG', '/catalog/');

I've also tried leaving off the www and /catalog/...

Thanks!

Link to comment
Share on other sites

Ok, here's where I'm at for the rest of you playing at home :D

To figure out the correct cookie domain and path parameters, follow iiinetworks explanation from earlier in this thread and turn on 'force cookies' from your ocs admin panel....as you wander around your site, you'll get the domain and path that the cookies are coming from (had part of my path in my domain)...

 

Now, here's the rub: with ssid, everything seems to work fine, test orders okay, etc....with cookies, everything goes fine till checkout- the dreaded 'your cart is empty' leading to the 'would you like to log in' pages...

 

I have read the variations of this question but didn't see any resolutions...any suggestions/ comments/ did I miss apreviously posted answer?

 

Thanks!

Link to comment
Share on other sites

Try it like this:

  define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');

 define('HTTPS_COOKIE_DOMAIN', 'host85.ipowerweb.com');

 define('HTTP_COOKIE_PATH', '/catalog/');

 define('HTTPS_COOKIE_PATH', '/~myname/catalog/');

 define('DIR_WS_HTTP_CATALOG', '/catalog/');

 define('DIR_WS_HTTPS_CATALOG', '/~myname/catalog/');

Hth,

Matt

Link to comment
Share on other sites

  • 4 months later...
  • 10 months later...

Try this.

In your .htaccess file (located under <your-domain>/catalog/)

 

Where you see this...

 

<Ifmodule mod_php4.c>

php_value session.use_trans_sid 0

php_value register_globals 1

</IfModule>

 

... add a flag for cookies ... php_value session.use_cookies 1

.... so it looks like this.

 

<Ifmodule mod_php4.c>

php_value session.use_trans_sid 0

php_value register_globals 1

php_value session.use_cookies 1

</IfModule>

 

Worked for me.

Link to comment
Share on other sites

  • 4 months later...

Hi Sharon et al,

 

I too have been having cookie problems -- and after several hours of mucking around I appear to have made no progress :'( . I still get The Dreaded Cookies Required Page. The crux of the problem is this:

 

 

  $session_started = false;
 if (SESSION_FORCE_COOKIE_USE == 'True') {
   tep_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $cookie_path, $cookie_domain);

   if (isset($HTTP_COOKIE_VARS['cookie_test'])) {
     tep_session_start();
     $session_started = true;
   }

 

 

I have 'force cookies' to true etc and done all sorts of things including setting the .htaccess as recommended further in this thread:

 

<IfModule mod_php4.c>
 php_value session.use_trans_sid 0
 php_value register_globals 1
 php_value session.use_cookies 1
</IfModule>

 

My configure.php file looks like this:

<?php
/*
$Id: configure.php,v 1.14 2003/07/09 01:15:48 hpdl Exp $

osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com

Copyright ? 2003 osCommerce

Released under the GNU General Public License
*/
// CATALOG configure for My Website
// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://localhost'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', false); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'http://localhost/catalog/');
define('HTTPS_COOKIE_DOMAIN', '');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');
define('DIR_FS_DOCUMENT_ROOT', 'C:/apachefriends/xampp/htdocs');
define('DIR_FS_CATALOG', 'C:/apachefriends/xampp/htdocs/catalog/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', '127.0.0.1'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', 'root');
 define('DB_SERVER_PASSWORD', '');
 define('DB_DATABASE', 'oscommerce');
 define('USE_PCONNECT', 'true'); // use persistent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

 

And for completeness, here's my application_top as recommended in another thread:

 

// ## PATCH see http://www.oscommerce.com/forums/index.php?showtopic=121533&hl=
// check if sessions are supported, otherwise use the php3 compatible session class
if (!function_exists('session_start')) {
  define('PHP_SESSION_NAME', 'osCsid');
  define('PHP_SESSION_PATH', $cookie_path);
  define('PHP_SESSION_DOMAIN', $cookie_domain);
  define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY);

  include(DIR_WS_CLASSES . 'sessions.php');
}

// define how the session functions will be used
require(DIR_WS_FUNCTIONS . 'sessions.php');

// set the session name and save path
tep_session_name('osCsid');
tep_session_save_path(SESSION_WRITE_DIRECTORY);

// set the session cookie parameters
 if (function_exists('session_set_cookie_params')) {
  session_set_cookie_params(0, $cookie_path, $cookie_domain);
} elseif (function_exists('ini_set')) {
  ini_set('session.cookie_lifetime', '0');
  ini_set('session.cookie_path', $cookie_path);
  ini_set('session.cookie_domain', $cookie_domain);
}

// set the session ID if it exists
 if (isset($HTTP_POST_VARS[tep_session_name()])) {
   tep_session_id($HTTP_POST_VARS[tep_session_name()]);
 } elseif ( ($request_type == 'SSL') && isset($HTTP_GET_VARS[tep_session_name()]) ) {
   tep_session_id($HTTP_GET_VARS[tep_session_name()]);
 }

// start the session
$session_started = false;
if (SESSION_FORCE_COOKIE_USE == 'True') {
  tep_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $cookie_path, $cookie_domain);

  if (isset($HTTP_COOKIE_VARS['cookie_test'])) {
    tep_session_start();
    $session_started = true;
  }
} elseif (SESSION_BLOCK_SPIDERS == 'True') {
  $user_agent = strtolower(getenv('HTTP_USER_AGENT'));
  $spider_flag = false;

  if (tep_not_null($user_agent)) {
    $spiders = file(DIR_WS_INCLUDES . 'spiders.txt');

    for ($i=0, $n=sizeof($spiders); $i<$n; $i++) {
      if (tep_not_null($spiders[$i])) {
        if (is_integer(strpos($user_agent, trim($spiders[$i])))) {
          $spider_flag = true;
          break;
        }
      }
    }
  }

  if ($spider_flag == false) {
    tep_session_start();
    $session_started = true;
  }
} else {
  tep_session_start();
  $session_started = true;
}

// set SID once, even if empty
$SID = (defined('SID') ? SID : '');
// ## END PATCH -- see http://www.oscommerce.com/forums/index.php?showtopic=121533&hl=

 

does anyone have any suggestions as to how to diagnose the problem further? Any particular PHP debugger or flag I can set to turn on detailed PHP debugging in the internals of setcookie etc? What's Zend like? I've been using Apachefriends' XAMPP with PHP4 and evaluating Maguma Studio which looks ok ... but open to possibilities.

 

thanks all in advance!

 

Julian

 

 

 

I got it.  I started poking around when you mentioned php.ini.  My newbie reasoning was that the configure.php files seem to set everything up.  I did a little changing, testing, ditto stuff and voila.  For those of your watching this thread, I fixed my constant going to the cookies usage screen by changing my catalog/include/configure.php file.  If you use this change the word mine to your website name, me to your server name, password to your password, and mydb to your oscommerce database. 

Seems to be working now, but could you tell me if these cookies are stored anywhere.  If so, where?  Thanks for all your help ii.  Take Care,  Sharon 

...

Link to comment
Share on other sites

  • 4 months later...

hi @ll

 

sorry for my english, but I am Italian living in germany ;) hard enough up to here LOL

 

I have been through the forum for days now and cannot see why my cookies do not work blush.gif when I set my browser to ask for cookie acception each time, and then visit the site, I am propperly asked to accept the cookie

 

firefox gives me info like:

name: cookie_test

domain: .funjumping.de

path: /tmp/

 

I accept the cookie - fine so far (allthough I do not find it on my server ???)

and when i want to add somehing to the card I get the cookie_usage.php as response, which really drives me crazy.

 

so what info can I provide?

 

cookies usage in php.ini is set

my config file looks like that:

 

 define('HTTP_SERVER', 'http://funjumping.de'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://funjumping.de'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '.funjumping.de');
define('HTTPS_COOKIE_DOMAIN', '.funjumping.de');
define('HTTP_COOKIE_PATH', '/tmp/');
define('HTTPS_COOKIE_PATH', '/tmp/');

 

any help?I would be really greatful, as this topic costs me already 2 nights and is the bases for getting a SEO Url contrib to run propperly :(

 

happy osCing

dahui

 

this post was initially started at

this site and as you can see on timestamp it cost me meanwhile the 3rd night in a row :(

Link to comment
Share on other sites

Why do you have

 

define('HTTP_COOKIE_PATH', '/tmp/');

define('HTTPS_COOKIE_PATH', '/tmp/');

 

Did you try:

 

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

 

That's default for php

 

I can't find your setup at funjumping.de. What is the directory?

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

hi allan, thx for fast reply

 

I didn't define it, that was out of the box

and the cache utility tool in admin end doesnt give me errors

 

setup? directory?ehmmm sorry its all standard apart that catalog=shop

 

dahui

Link to comment
Share on other sites

tried just with / and the cookies seem to semi-work

 

now I do not get an error but loose the shopping cart and login probs too and in admin end the cache utlility tells me directory doesn't exist

 

I tried every way I found explained here in the board - I think Iwill break on this and have to live with the sid in the URL :( :( :(

 

dahui

Link to comment
Share on other sites

You shouldn't be using /tmp/ for cache on a shared server. If there's another shop running on the same sever you can have conflicts. If you want to use cache create a directory within catalog somewhere and redefine the path to point to that directory.

 

I'd turn it off for now.

 

Is define('STORE_SESSIONS', '');

 

set to:

 

define('STORE_SESSIONS', 'mysql');

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Your problem is that you have Force Cookie Use set to 'true', when you don't have a full ssl cert in the name of your domain. The http and https cookie domain must match, and your self-signed ssl cert is made out to 'plesk' and not to your domain.

 

Vger

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...