fiat707
Posted December 6, 2003

I have had my osC store up and running for a short while. From my continuing tests on my store, I found there is uncertainty as to what to set for the session-related controls in Admin -> Configuration -> Sessions. My current settings are as follows:

Session Directory: /tmp
Force cookie use: false
Check SSL session ID: false
Check user agent: false
Check IP address: false
Prevent spider session: True
Recreate session: True

Does anyone implement different settings? Any idea how any of these settings affect your store behavior? Is there any reason to change any of my session settings from above?

I know that session settings are the keys determining how the store responds or behaves after a visitor or customer either logs in or registers (creates an account). But I am not certain how each of the settings affects operating an osC store. Can anyone shed light on this?

Thanks
KF

mattias2
Posted December 6, 2003

Force cookie should be true to prevent shared sessions. More info at: http://wiki.oscommerce.com/proposalSecurityAndPrivacy

fiat707 (Author)
Posted December 7, 2003

Thanks, Mattias.

Now comes the bad news from reading the info you provided: both "Force cookie use" and "Recreate session" do not work if the store resides at separate http and https servers (i.e., SSL is with a shared hosted domain).

I found it a worse situation if setting "force cookie use" to "true" while the store resides at an SSL shared domain, because it'll cause all the strange behaviors from your store to curse customers away. Example: auto-logoff, items in cart disappearing when clicking checkout, ... it's a mess.

I hope, as the information stated, that making "force cookie use" work for SSL shared domains will be realized soon.

KF
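
Why the symptoms in the post above appear, as an added example (not code from osCommerce or from the posters): a browser returns a cookie only to the host or parent domain that set it, so a session cookie set by the HTTP store host never reaches a separate shared-SSL host. The hostnames and session value are constructed, `osCsid` is osCommerce's session name, and the store logic is a simplified model of "Force cookie use".

```javascript
// Domain matching as defined in RFC 6265, section 5.1.3.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase().replace(/^\./, "");
  if (host === cookieDomain) return true;
  const isIp = /^\d+\.\d+\.\d+\.\d+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// Minimal browser cookie jar: host-only cookies and Domain= cookies.
class CookieJar {
  constructor() { this.cookies = []; }
  set(originHost, name, value, domainAttr) {
    // A server cannot set a cookie for a domain it does not belong to.
    if (domainAttr && !domainMatch(originHost, domainAttr)) return false;
    const domain = (domainAttr || originHost).toLowerCase().replace(/^\./, "");
    this.cookies.push({ name, value, domain, hostOnly: !domainAttr });
    return true;
  }
  get(host, name) {
    const hit = this.cookies.find(c => c.name === name &&
      (c.hostOnly ? c.domain === host.toLowerCase() : domainMatch(host, c.domain)));
    return hit ? hit.value : null;
  }
}

// Simplified model (assumption): with force cookie use the session ID is
// accepted from the cookie only; without it, a URL parameter is a fallback.
function resolveSession(jar, host, urlSid, forceCookieUse) {
  const fromCookie = jar.get(host, "osCsid");
  if (fromCookie) return fromCookie;
  if (!forceCookieUse && urlSid) return urlSid; // ID in URL: can be shared via links
  return null; // no session found: new empty session, login and cart are lost
}

// Customer logs in on the HTTP host, then clicks through to the HTTPS host.
function simulateCheckout(httpHost, httpsHost, forceCookieUse) {
  const jar = new CookieJar();
  jar.set(httpHost, "osCsid", "sess-constructed-1");
  const urlSid = forceCookieUse ? null : "sess-constructed-1";
  return resolveSession(jar, httpsHost, urlSid, forceCookieUse);
}
```
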