Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

osCsid, getting rid of the little fellers!


Guest

Recommended Posts

Hi there.

 

I would like to prevent the osCsid variable being passed, via the url, on to links of my page when a new session is created. I've searched the forum and the contribution database and found nothing, is there any contribution that can help me?

 

The problem is my site isn't just the catalog its also a community, so when the oscSid is passedd via the url on a link pointing to a different part of the site, it kind of messes things up a little :(

 

Thanks in advance!

 

aL

Link to comment
Share on other sites

Sorry to bump this topic up but I don't want to see it dissapear into the house of the unanswered :( Surely someone must know about the session ids???

 

:huh:

Link to comment
Share on other sites

What version are you running?

I'm running version 2.2 milestone 2 :) thanks for the reply :D

 

and no bumping, not nice to do.

I know I'm very sorry its just that it seems that any topic I post it just dissapears and never gets answered :( I know its selfish but it's the only way... withint a matter of days an unanswered post can fade away into page 4/5 and never be viewed :unsure:

 

Sorry...

Link to comment
Share on other sites

  • 2 weeks later...

Hi there, sorry I haven't replied I've been away on holiday :D (Had a great time!!)

 

I'm not using the BTS mod, or atleast I don't think I am seen as I am not sure what it is.. ?

 

This is a real problem for me as I have outisde links integrated with my store and this session id being sent with them messes them up, and also looks nasty in the browser window....

 

Thanks for the replies!

 

aL

Link to comment
Share on other sites

If you are having problems with cookies not setting, check in the catalog/includes/configure.php file, I had to play with mine for awhile to get it to set the cookies instead of defaulting to the oscsid.

 

I still do have a small issue with the oscsid's instead of using a cookie during checkout as I am using a different domain for the secure server.

 

I see you don't have the BTS module, but even if you did have it the cookies will work once the settings are right in the configure.php file. If you need any help let me know, also check out one of my sites and click around, it should be using the cookie in most cases. http://www.SeniorsLivingHealthy.com

 

Chris

Chris Guth

Seniors Living Healthy

Retail/Wholesale

Link to comment
Share on other sites

Sorry to bump this topic up but I don't want to see it dissapear into the house of the unanswered :( Surely someone must know about the session ids???

 

:huh:

Not to worry. Not too big of a deal. Just don;t mention bumping when you bump and it is technically not a bump :D

 

I also think that editing you post will also bump you post back up as well.

 

You see, there are ways to bump without actually bumping :D B)

Link to comment
Share on other sites

the most important one is to NOT to make hardcoded links like:

<?php echo '<a href="index.php">'; ?>

but use

 

<?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">'; ?>

 

I have the 'not logged' in area working fine again, but when a customer has logged in then the osCid is showing up again :(

 

I did too many changes to find out where this osCid is being added to the URL.

So anyone who can give me some information how to find out where the session id is being added to the url will be the KING of 2004 :)

 

I am serious here, i have started at index.php to check all related files that are loaded at that time and i still have no clue were the session id is added.

It looks almost like a ghost that leaves his name when he is logged in....LOL

 

All information will be appreciated about this

Robert

 

We all need to learn it once, how hard it may seem when you look at it, also you will master it someday ;)

Link to comment
Share on other sites

I had some experience with this one. In order to make SID disappear, you have to set "Forced Cookie use" True. But, if you have shared SSL domain, the "Forced Cookie use" won't work and if set True, it may cause other SSL-related problems. So, for shared SSL domain, the "FCU" has to be set to "false" and then the SID will show up in URL! Now to resolve spider's bombard issue because of the SID in URL, a SID killer contribution can be installed. However, some where in the support forum a post indicates that the "auto-logoff" or "empty cart" issue can be resolved by uninstalling the SID killer! .... How this circulating chain of important issues (login, SSL, SID, cart, etc) is entangling together? Is there someone with a super cool, clear head would kindly sum up a final solution for us? Thanks

 

KF

Link to comment
Share on other sites

In order to make SID disappear, you have to set "Forced Cookie use" True

 

This is not TRUE, and also NOT a user friendly solution.

It's possible that it works for you but it's not the best solution for your online store.

 

I've tried this immediatly after i woke up about having the session id in the url and there was no change.

 

I'll keep hunting next weeks, security is something that i dont take for even...

 

Thanks anyway, i', sure it will work for 'some' people with small shops

Robert

 

We all need to learn it once, how hard it may seem when you look at it, also you will master it someday ;)

Link to comment
Share on other sites

Sorry to bump this topic up but I don't want to see it dissapear into the house of the unanswered :( Surely someone must know about the session ids???

 

:huh:

Not to worry. Not too big of a deal. Just don;t mention bumping when you bump and it is technically not a bump :D

 

I also think that editing you post will also bump you post back up as well.

 

You see, there are ways to bump without actually bumping :D B)

Is that so?

 

Matti

osCommerce Team Member

Link to comment
Share on other sites

Druide,

 

Thanks for your response. I wonder if you read my statement following the quote you made: "But, if you have shared SSL domain, the "Forced Cookie use" won't work and if set True, it may cause other SSL-related problems." That means even you set FCU to True with a shared SSL domain, the whole thing is not going to work and SID will still show up because the shared SSL domain! Does your store reside with a shared SSL domain? If yes, your FCU should be set to False for the sake of other SSL-related issues. Can anyone further clarify this big damx issue? Thanks

 

KF

Link to comment
Share on other sites

If you need any help let me know, also check out one of my sites and click around, it should be using the cookie in most cases. http://www.SeniorsLivingHealthy.com

 

Chris

I looked at your site (very nice :D) BUT every link had the slhsid=<lots of random numbers here> attatched to it :(

 

It isn't a major problem for me this one, I can bypass the external link problem I'm having, it's just a tad annoying having such ugly and long URL's, and i'd imagine it wouldn't be too healthy if someone linked to the site with one attatched to it, say in another sites 'links' page :S

 

I too had a look around the files and couldn't find where it is being created. :unsure:

 

Thanks for the tip about direct URL's and using the tep_make_link feature, something I've been doing a lot of and isn't very wise...

 

Anyway thanks for the replies, it seems this one is a toughy <_<

Link to comment
Share on other sites

If you have cookies enabled on your browser it works fine, I have noticed sometimes the first page before clicking a link will have the sid, after that all the pages wont have it.

Chris Guth

Seniors Living Healthy

Retail/Wholesale

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...