
Cookies and EU law



I'm writing a site privacy policy and wondered if someone could help me with the following questions regarding cookies please:


What data does osCommerce MS2.2 collect via cookies?


In standard form is this data used only to maintain the customer's orders in their shopping cart?


Is the data only collected after the customer creates an account?


Are there any functional problems if the customer disables cookies in their browser?






1. Session ID


2. Yes, at least until login. After login, it allows the server to customize user experience based on login ID, etc.


3. No. Guest accounts have session IDs as well. Note: information is not "collected." The cookie is created on the server and only gives the session ID, which allows the server to save info about choices that the customer has made (putting items in cart, etc.).


4. Yes. This is explained more in the osCommerce Wiki's Security and Privacy page. Also, read the osCommerce cookie_usage.php page.





iiinetworks: Thank you, the information at http://wiki.oscommerce.com/proposalSecurityAndPrivacy was helpful. You talk about the cookie being created on the server, whereas the documentation above talks about it being set on the client (as per normal).


On my test site with 'Force Cookie Use' set to FALSE the shopping cart and ordering process seemed to work OK and I didn't notice any Session IDs being appended to the URLs, but this is without SSL at the moment. I've now set 'Force Cookie Use' to TRUE and even though my browser (IE6) privacy settings (in Tools | Internet Options | Privacy) are set to Medium (and also the domain is specified to be 'allowed') when I now try to make a dummy purchase I get directed to the cookie usage page.


You talk about the cookie being created on the server, whereas the documentation above talks about it being set on the client (as per normal).
Yes, sorry, I should have said from the server. The point being that it is not using any of the browser settings to create the cookie information nor is it trying to access other cookies to scavenge info. The session ID is just a reference (key) to a server-side record of information that it stores (language and currency preferences, shopping cart info, etc.). Also, the cookie should be (if osC is configured correctly) set to only return data to this server, not any others that might access your cookies.


You may want to check your cookie settings. Note: the domains should just be the actual www.domain.com, no http:// or /catalog/. The paths can be set to '/'...it is incorrect but not really harmful. Post the top part of your configure.php file (we don't need DIR_FS or DB data) if you continue to have problems.





I'm having problems if I set Force Cookie use to True. In IE6 Tools | Internet Options | Privacy I had security set to Medium and I also specifically allowed cookies from the store domain. However each time I clicked the 'add to cart' button I was transferred to the cookie usage page. I've now temporarily set IE's security to Low and I still get redirected to the Cookie Usage page.


PS: In the M2.2 'Force Cookie Use' is found in admin | Configuration | Sessions, where's it gone in the latest CVS version?


  • 1 year later...
I'm having problems if I set Force Cookie use to True. In IE6 Tools | Internet Options | Privacy I had security set to Medium and I also specifically allowed cookies from the store domain. However each time I clicked the 'add to cart' button I was transferred to the cookie usage page. I've now temporarily set IE's security to Low and I still get redirected to the Cookie Usage page.


PS: In the M2.2 'Force Cookie Use' is found in admin | Configuration | Sessions, where's it gone in the latest CVS version?


Are you using shared SSL?

If yes, you can't use "force cookie".

That only works with no SSL or full SSL.


Regards Crazypilot
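
Added example, not part of any post in this thread and not osCommerce code: a Python sketch of the browser's cookie scope rules (RFC 6265 domain-match and path-match) behind two points made above, that the cookie domain setting must be a bare host name, and that a session cookie scoped to the store's host is not sent back to a different shared-SSL host. The function names are hypothetical and the host names are constructed placeholders.

```python
# Added example. Hostnames are constructed placeholders, not taken from the thread.
from urllib.parse import urlsplit


def cookie_domain_problems(value):
    """Check a cookie-domain setting: it must be a bare host name."""
    rest = value.split("://", 1)[-1]
    problems = []
    if "://" in value:
        problems.append("contains a URL scheme")
    if "/" in rest:
        problems.append("contains a path")
    return problems


def domain_matches(host, cookie_domain):
    """RFC 6265 domain-match for host names (IP addresses not handled)."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def path_matches(request_path, cookie_path):
    """RFC 6265 path-match."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def cookie_returned(url, cookie_domain, cookie_path="/"):
    """Would a browser send a cookie with this domain/path back to url?"""
    parts = urlsplit(url)
    return (domain_matches(parts.hostname or "", cookie_domain)
            and path_matches(parts.path or "/", cookie_path))


if __name__ == "__main__":
    store = "http://www.store.example/catalog/"
    checkouts = {
        "full SSL": "https://www.store.example/catalog/checkout",
        "shared SSL": "https://secure.sharedhost.example/~store/catalog/checkout",
    }
    print(cookie_domain_problems(store))  # the URL is not a valid domain value
    for name, url in checkouts.items():
        print(name, cookie_returned(url, "www.store.example", "/catalog/"))
```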



This topic is now archived and is closed to further replies.
