Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Very Very Wierd things happens to my site


211655

Recommended Posts

Very Very wierd thing happened again.

 

If i go to my site it stells me welocme guest. when i add a product, it takes me back to someone's acocunt. any person who is adding a product and then tell me that welcome <that person> and i am in that account.

 

i dont have shared sessions storage in my host. they confirmed that.

i do have ssl from geotrust. not shared ssl.

i do have last lines of both config files:

 

define('USE_PCONNECT', 'false'); // use persistent connections?
?define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

My config files are here:

 

admin:

define('HTTP_SERVER', 'http://www.xs.com'); // eg, http://localhost - should not be empty for productive servers
?define('HTTP_CATALOG_SERVER', 'http://www.xs.com');
?define('HTTPS_CATALOG_SERVER', '');
?define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module
?define('DIR_FS_DOCUMENT_ROOT', 'D:/vsites/xscom/root/html/'); // where the pages are located on the server
?define('DIR_WS_ADMIN', '/admin/'); // absolute path required
?define('DIR_FS_ADMIN', 'D:/vsites/xscom/root/html/admin/'); // absolute pate required
?define('DIR_WS_CATALOG', '/'); // absolute path required
?define('DIR_FS_CATALOG', 'D:/vsites/xscom/root/html/'); // absolute path required
?define('DIR_WS_IMAGES', 'images/');
?define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
?define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
?define('DIR_WS_INCLUDES', 'includes/');
?define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
?define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
?define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
?define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
?define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
?define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
?define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
?define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
?define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
?define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

Now catalog/include:

 ?http://www.oscommerce.com

?Copyright (c) 2003 osCommerce

?Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
?define('HTTP_SERVER', 'http://www.xs.com'); // eg, http://localhost - should not be empty for productive servers
?define('HTTPS_SERVER', 'https://www.xs.com'); // eg, https://localhost - should not be empty for productive servers
?define('ENABLE_SSL', true); // secure webserver for checkout procedure?
?define('HTTP_COOKIE_DOMAIN', 'www.xs.com');
?define('HTTPS_COOKIE_DOMAIN', '');
?define('HTTP_COOKIE_PATH', '/cookies/');
?define('HTTPS_COOKIE_PATH', '/');
?define('DIR_WS_HTTP_CATALOG', '/');
?define('DIR_WS_HTTPS_CATALOG', '/');
?define('DIR_WS_IMAGES', 'images/');
?define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
?define('DIR_WS_INCLUDES', 'includes/');
?define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
?define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
?define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
?define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
?define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

?define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
?define('DIR_FS_CATALOG', 'D:/vsites/xscom/root/html/');
?define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
?define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

now my session settings in admin pannel:

 

 

Session Directory /tmp

Force Cookie Use False

Check SSL Session ID True

Check User Agent False

Check IP Address False

Prevent Spider Sessions True

Recreate Session True

Link to comment
Share on other sites

ok what i did just now.

i m suing sts and i had linked all my other links with ending "osCsid=03969df553801dfc3775adec239bc942"

 

I guess that was the id i got from osc and everyone was getting that but thats not it. problem is still there as.

when i click checkout. it does same and gives me same id: osCsid=03969df553801dfc3775adec239bc942 all the time like

checkout_payment.php?osCsid=03969df553801dfc3775adec239bc942 etc...

 

thats wierd......

 

 

 

second.. plz check both of my config file. i guess admin i am missing quotes in enable ssl_catalog... i dont know one has ' ' and one doesnt?

Link to comment
Share on other sites

Okay in your includes/configure.php your https cookie domain needs to be specified as it is on your certificate eg. if your cert says www.xs.com then put that in, but if your cert says https://www.xs.com then put that in. They must match up. Your http cookie path (I believe) should simply be'/'

 

In your admin/includes/configure.php file you have not enabled ssl, but you have a full certificate, so set it to 'true'. For https catalog server enter 'https://www.xs.com'

 

You said "i m suing sts and i had linked all my other links with ending "osCsid=03969df553801dfc3775adec239bc942" You mst not set a specific session id, otherwise all sessions will use the same id, which is how you get this crossover - basically everyone is on the same id. The only exception that I know to this is with some of the IPN (Instant Payment Notification) systems, where you have to fix a specific session id for them to work.

 

By the way, just because your host does not use shared sessions it doesn't mean that they're not using a shared file structure. If the servers are overloaded with sites this shared file structure can cause problems.

 

Hope this helps - Vger

*edit* - external solution

Link to comment
Share on other sites

hey Rhea

thanks for help.

questions to u:

how do i check which cookie domain was given to my ssl cert.

what should be setting for session section in admin?

and wanna make sure my persistent connection in bottom of config files are set to false.

 

btw, when i tried to take mysql out from the last lines of config files, it gave me error on each page.

 

thanks Rhea

 

dan

Link to comment
Share on other sites

You said "i m suing sts and i had linked all my other links with ending "osCsid=03969df553801dfc3775adec239bc942" You mst not set a specific session id, otherwise all sessions will use the same id, which is how you get this crossover - basically everyone is on the same id.

 

how do i not set a specific id. it gives me autometically the same even i create a new acocunt or login as a diff person. everytime, i get same...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...