Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

login problems with aol users?


jeana

Recommended Posts

I keep getting emails from customers telling me that they are having login problems or problems even just viewing my items...its always the same:

 

I am currently an interested customer.  However, whenever I login the welcome screen comes up, but does not allow me to view any products.  When I click on ANY item it returns me back to the login screen.

 

This does not happen to everyone, and I cannot reproduce the problem on any computer I've tried (at least 5 different ones). I *believe* this is an AOL related issue because when I look back the people who have emailed me about this have aol addresses.

 

Does anyone else have this problem? How do I fix it? I'm losing alot of customers and it is strange that it doesn't even let people view my products at all. I do not require a login to view the products. This sounds like a cookies problem to me, but I'm at a loss as to what is wrong.

 

Here is the relevant info from my config.php file:

  define('HTTP_SERVER', 'http://www.jeana.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.alocalagent.com/jeana'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.jeana.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.alocalagent.com/jeana');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

Is something blatently wrong? My store adddress is www.jeana.com

 

I've been struggling with for for weeks and have tried searching for this problem, but could not find any related issues. Please help!

 

Thanks in advance

Jeana

Link to comment
Share on other sites

Thank you Jon!! That did it. I have set my sessions to the following and no more complaints!

 

Session Directory /tmp

Force Cookie Use False

Check SSL Session ID False

Check User Agent False

Check IP Address False

Prevent Spider Sessions True

Recreate Session False

 

Sessions are being stored in mysql.

Link to comment
Share on other sites

Hey folks..

Just to add a tad bit more security here, I do not suggest using /tmp as your Session Directory. Instead, use a tmp directory in your users home directory such as:

 

 

Session Directory /home/username/tmp (or ~/tmp)

Force Cookie Use False

Check SSL Session ID False

Check User Agent False

Check IP Address False

Prevent Spider Sessions True

Recreate Session False

 

There are many reasons for this but here are a few:

  • 1. /tmp is readable by any telnet/ssh/ftp user (user may not initally be able to see the data but its something to go after! )
    2. /tmp may or may NOT be cleared on a reboot! That is all files may or may not be removed. (reboots happen more than you know.. trust me on this!)
    3. /tmp is a shared directory by everyone on the server
    4. More reasons exist if I wanted to think about this more but you get the idea.

Ask your Support desk or server admin to make sure your home directory does NOT have read access by all users! Only you and the UID of the web server should be able to read. Also just remember to NOT place it in your webroot directory such as ~/public_html/tmp as that would/could be most bad! :D

Link to comment
Share on other sites

  • 1 month later...
Thank you Jon!! That did it. I have set my sessions to the following and no more complaints!

 

Session Directory /tmp

Force Cookie Use False

Check SSL Session ID False

Check User Agent False

Check IP Address False

Prevent Spider Sessions True

Recreate Session False

 

Sessions are being stored in mysql.

Which file do you make those changes on???

 

 

Thanks!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...