jeana Posted January 26, 2004 Share Posted January 26, 2004 I keep getting emails from customers telling me that they are having login problems or problems even just viewing my items...its always the same: I am currently an interested customer. However, whenever I login the welcome screen comes up, but does not allow me to view any products. When I click on ANY item it returns me back to the login screen. This does not happen to everyone, and I cannot reproduce the problem on any computer I've tried (at least 5 different ones). I *believe* this is an AOL related issue because when I look back the people who have emailed me about this have aol addresses. Does anyone else have this problem? How do I fix it? I'm losing alot of customers and it is strange that it doesn't even let people view my products at all. I do not require a login to view the products. This sounds like a cookies problem to me, but I'm at a loss as to what is wrong. Here is the relevant info from my config.php file: define('HTTP_SERVER', 'http://www.jeana.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.alocalagent.com/jeana'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.jeana.com'); define('HTTPS_COOKIE_DOMAIN', 'www.alocalagent.com/jeana'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); Is something blatently wrong? My store adddress is www.jeana.com I've been struggling with for for weeks and have tried searching for this problem, but could not find any related issues. Please help! Thanks in advance Jeana Link to comment Share on other sites More sharing options...
jeana Posted January 28, 2004 Author Share Posted January 28, 2004 can anyone *PLEASE* help? seems like EVERY aol user is having this problem...it has to be a setting somewhere, but I can't figure it out...I'm begging! Link to comment Share on other sites More sharing options...
jon_l Posted January 28, 2004 Share Posted January 28, 2004 Try this thread: http://www.oscommerce.com/forums/index.php?showtopic=75244 Sounds like the same problem, I just posted a link there to another thread, which hopefully contains the solution. Thanks, Jon. Link to comment Share on other sites More sharing options...
jeana Posted February 2, 2004 Author Share Posted February 2, 2004 Thank you Jon!! That did it. I have set my sessions to the following and no more complaints! Session Directory /tmp Force Cookie Use False Check SSL Session ID False Check User Agent False Check IP Address False Prevent Spider Sessions True Recreate Session False Sessions are being stored in mysql. Link to comment Share on other sites More sharing options...
Guest Posted February 4, 2004 Share Posted February 4, 2004 Hey folks.. Just to add a tad bit more security here, I do not suggest using /tmp as your Session Directory. Instead, use a tmp directory in your users home directory such as: Session Directory /home/username/tmp (or ~/tmp)Force Cookie Use False Check SSL Session ID False Check User Agent False Check IP Address False Prevent Spider Sessions True Recreate Session False There are many reasons for this but here are a few: 1. /tmp is readable by any telnet/ssh/ftp user (user may not initally be able to see the data but its something to go after! )2. /tmp may or may NOT be cleared on a reboot! That is all files may or may not be removed. (reboots happen more than you know.. trust me on this!)3. /tmp is a shared directory by everyone on the server4. More reasons exist if I wanted to think about this more but you get the idea.Ask your Support desk or server admin to make sure your home directory does NOT have read access by all users! Only you and the UID of the web server should be able to read. Also just remember to NOT place it in your webroot directory such as ~/public_html/tmp as that would/could be most bad! :D Link to comment Share on other sites More sharing options...
jenawade Posted March 8, 2004 Share Posted March 8, 2004 Thank you Jon!! That did it. I have set my sessions to the following and no more complaints! Session Directory /tmp Force Cookie Use False Check SSL Session ID False Check User Agent False Check IP Address False Prevent Spider Sessions True Recreate Session False Sessions are being stored in mysql. Which file do you make those changes on??? Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.