katie81
Posted May 20, 2004

How can I change all occurrences of OSCID to something else, like MySiteNameID? Would I need to make changes in hundreds of files? Or can I just replace a string somewhere?

Thanks,
Katie

peterr
Posted May 20, 2004

Hi,

Only a one-line change, as far as searching for the occurrence of the session name goes. Around line 136 of /application_top.php:

    define('PHP_SESSION_NAME', 'osCsid');

Peter

katie81
Posted May 20, 2004

Thanks Peter,

But that doesn't seem to change anything, the osCsid still appears in the title bars etc.

Katie

katie81
Posted May 20, 2004

Spoke too soon, there was a similar line about 10 lines down, needed to change that one too.

Thanks for all your help Peter, let me know if there is anything I can help you with.

Katie

peterr
Posted May 20, 2004

Hi,

Arrhh, .. silly me, I looked for occurrences of the string in osC, but didn't check anywhere else in the actual file. I see the line now:

    // set the session name and save path
    tep_session_name('osCsid');

Peter

jje-007
Posted January 28, 2010

So let's summarise: to what should I change the following lines (both in application_top.php) in order to not have oscid= ... in my URL?

    define('PHP_SESSION_NAME', 'osCsid');
    tep_session_name('osCsid');

Thank you for all feedback!

JJ

Hotclutch
Posted January 28, 2010

Ensure you have prevent spider sessions set to true, and recreate session set to true in your Admin under sessions. Also make sure that your configure file settings are correct so that you don't have persistent osCsid appearing. Search the forum for an example configure file.

MrPhil
Posted January 28, 2010

Anyone know why tep_session_name() is hardcoded, rather than tep_session_name(PHP_SESSION_NAME); ? It sounds like they should be kept consistent... PHP_SESSION_NAME is defined in both includes/application_top.php and admin/includes/application_top.php, although they have slightly different values. "osCsid" is also used in the sofortueberweisung installation.

♥FWR Media
Posted January 28, 2010

> Anyone know why tep_session_name() is hardcoded, rather than tep_session_name(PHP_SESSION_NAME); ? It sounds like they should be kept consistent... PHP_SESSION_NAME is defined in both includes/application_top.php and admin/includes/application_top.php, although they have slightly different values. "osCsid" is also used in the sofortueberweisung installation.

tep_session_name( 'osCsid' ) sets the session name; if you used what you suggested, instead of an osCsid you would have the standard PHP PHPSESSID.

Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls
KissMT Dynamic SEO Meta & Canonical Header Tags
KissER Error Handling and Debugging
KissIT Image Thumbnailer
Security Pro - Querystring protection against hackers ( a KISS contribution )
If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work.

tigergirl
Posted January 28, 2010

Interesting topic! But I don't understand the replies to this question:

> So let's summarise: to what should I change the following lines (both in application_top.php) in order to not have oscid= ... in my URL?
>
>     define('PHP_SESSION_NAME', 'osCsid');
>     tep_session_name('osCsid');

Also, I was wondering if it would be harder for h*ckers to find osc sites if the product_id / manufacturer_id / cPath names were unique? Is it just a case of changing the words inside '' here in application_top:

    // calculate category path
    if (isset($HTTP_GET_VARS['cPath'])) {
      $cPath = $HTTP_GET_VARS['cPath'];
    } elseif (isset($HTTP_GET_VARS['products_id']) && !isset($HTTP_GET_VARS['manufacturers_id'])) {
      $cPath = tep_get_product_path($HTTP_GET_VARS['products_id']);
    } else {
      $cPath = '';
    }

or would there be more to it than that? I appreciate this would affect Search Engine indexing for a while but that's a price I may be willing to pay. Another potential tool against the w*nker h*ckers perhaps?

I'm feeling lucky today......maybe someone will answer my post!
I do try and answer a simple post when I can just to give something back.
------------------------------------------------
PM me? - I'm not for hire

♥FWR Media
Posted January 28, 2010

> tep_session_name( 'osCsid' ) sets the session name; if you used what you suggested, instead of an osCsid you would have the standard PHP PHPSESSID.

My answer was incorrect: PHPSESSID is only set ... if (!function_exists('session_start')) {

♥FWR Media
Posted January 28, 2010

> Interesting topic! But I don't understand the replies to this question:

You could change tep_session_name('osCsid'); to tep_session_name('aardwark'); if you so wished. Some contributions however look for the "osCsid" in order to strip it out so it is probably best left as is.

> Also, I was wondering if it would be harder for h*ckers to find osc sites if the product_id / manufacturer_id / cPath names were unique? Is it just a case of changing the words inside '' here in application_top:
>
>     // calculate category path
>     if (isset($HTTP_GET_VARS['cPath'])) {
>       $cPath = $HTTP_GET_VARS['cPath'];
>     } elseif (isset($HTTP_GET_VARS['products_id']) && !isset($HTTP_GET_VARS['manufacturers_id'])) {
>       $cPath = tep_get_product_path($HTTP_GET_VARS['products_id']);
>     } else {
>       $cPath = '';
>     }
>
> or would there be more to it than that? I appreciate this would affect Search Engine indexing for a while but that's a price I may be willing to pay. Another potential tool against the w*nker h*ckers perhaps?

It is much more complex than that... those keys are touched in a whole number of files.

Instead of worrying about who can find out you have an osCommerce shop you'd be better off protecting against what they can or can't do WHEN they find it imo.

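The two points raised in the thread (the name is set in two places in application_top.php, and add-ons may look for the literal "osCsid") can be checked before and after a rename. The script below is an added example, not osCommerce code and not from any poster: the file tree in `SAMPLE` is constructed, `hypothetical_addon.php` is a made-up add-on, and the patterns assume single-quoted PHP strings as in the lines quoted above. The admin application_top.php has its own value, so audit it separately.

```python
import re

# Patterns for the two statements quoted in the thread (single-quoted strings assumed).
DEFINE_RE = re.compile(r"define\(\s*'PHP_SESSION_NAME'\s*,\s*'([^']+)'\s*\)")
CALL_RE = re.compile(r"tep_session_name\(\s*(?:'([^']+)'|(PHP_SESSION_NAME))\s*\)")

# Constructed sample: a half-finished rename plus a hypothetical add-on.
SAMPLE = {
    "includes/application_top.php": (
        "<?php\n"
        "  define('PHP_SESSION_NAME', 'MySiteNameID');\n"
        "// set the session name and save path\n"
        "  tep_session_name('osCsid');\n"
    ),
    "includes/modules/hypothetical_addon.php": (
        "<?php\n"
        "  $url = str_replace('osCsid=', '', $url);\n"
    ),
}


def audit(files, old_name="osCsid"):
    """files: {path: PHP source}. Returns a list of (path, line_no, kind, value)."""
    findings = []
    for path, source in sorted(files.items()):
        for no, line in enumerate(source.splitlines(), 1):
            d, c = DEFINE_RE.search(line), CALL_RE.search(line)
            if d:
                findings.append((path, no, "define", d.group(1)))
            elif c:
                kind = "call-constant" if c.group(2) else "call-literal"
                findings.append((path, no, kind, c.group(1) or c.group(2)))
            elif old_name in line:
                # Any other reference, e.g. an add-on that strips the parameter.
                findings.append((path, no, "other", old_name))
    return findings


def leftovers(files, new_name, old_name="osCsid"):
    """Findings that still disagree with new_name after a rename."""
    # A call through the constant follows the define, so it needs no change.
    return [f for f in audit(files, old_name)
            if f[2] != "call-constant" and f[3] != new_name]


if __name__ == "__main__":
    for finding in leftovers(SAMPLE, "MySiteNameID"):
        print(finding)
```

To run it against a real shop, build `files` from the `.php` files under the catalog directory and pass the new name to `leftovers`.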
Jack_mcs
Posted January 28, 2010

> Interesting topic! But I don't understand the replies to this question:
>
> I appreciate this would affect Search Engine indexing for a while but that's a price I may be willing to pay. Another potential tool against the w*nker h*ckers perhaps?

You're holding the wrong end of the stick. Take another look at the post by Ashley. Once your site is set up properly (your spiders file should be updated too), the session ID won't be present except for an initial click or two. If the site is set up properly, the session ID is a non-issue so spending a lot of time trying to rename it isn't doing you any good.

Support Links:
For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.
All of My Addons
Get the latest versions of my addons
Recommended SEO Addons

tigergirl
Posted February 2, 2010

Thanks for the replies guys. I'll just leave as is. Of course best to have everything set up well, I was just exploring the idea of making the osc site harder to find (for future holes that may arise) but I'm sure the h*ckers have better methods than following indexed links with those variables....

I'm sure there was logic in my thinking somewhere.

Archived
This topic is now archived and is closed to further replies.