Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

change OSCID to MYID


katie81

Recommended Posts

How can I change all occurances of OSCID to something else Like MySiteNameID

 

Would I need to make changes in hundreds of files?

 

Or can I just replace a string somewhere?

 

Thanks,

Katie

Link to comment
Share on other sites

Hi,

 

Only a one line change, as far as searching for the occurance of the session name goes.

 

around line 136 of /application_top.php

 

    define('PHP_SESSION_NAME', 'osCsid');

 

Peter

Link to comment
Share on other sites

spoke too soon, there was a similar line about 10 lines down, needed to change that one too.

 

Thanks for all your help Peter, let me know if there is anything I can help you with.

 

Katie

Link to comment
Share on other sites

Hi,

 

Arrhh, .. silly me, I looked for occurances of the string in osC, but didn't check anywhere else in the actual file. I see the line now

 

// set the session name and save path
 tep_session_name('osCsid');

 

Peter

Link to comment
Share on other sites

  • 5 years later...

So let's summarise: to what should I change the following lines (both in application_top.php) in order to not have oscid= ... in my URL?

  • define('PHP_SESSION_NAME', 'osCsid');
  • tep_session_name('osCsid');

 

Thank you for all feedback!

JJ

Link to comment
Share on other sites

Ensure you have prevent spider sessions set to true, and recreate session set to true in your Admin under sessions.

 

Also make sure that your configure file settings are correct so that you don't have persistent osCsid appearing. Search the forum for an example configure file.

Link to comment
Share on other sites

Anyone know why tep_session_name() is hardcoded, rather than

tep_session_name(PHP_SESSION_NAME);

? It sounds like they should be kept consistent...

 

PHP_SESSION_NAME is defined in both includes/application_top.php and admin/includes/application_top.php, although they have slightly different values. "osCsid" is also used in the sofortueberweisung installation.

Link to comment
Share on other sites

Anyone know why tep_session_name() is hardcoded, rather than

tep_session_name(PHP_SESSION_NAME);

? It sounds like they should be kept consistent...

 

PHP_SESSION_NAME is defined in both includes/application_top.php and admin/includes/application_top.php, although they have slightly different values. "osCsid" is also used in the sofortueberweisung installation.

 

tep_session_name( 'osCsid' ) sets the session name if you used what you suggested instead of an osCsid you would have the standard PHP PHPSESSID.

Link to comment
Share on other sites

Interesting topic! But I don't understand the replies to this question:

So let's summarise: to what should I change the following lines (both in application_top.php) in order to not have oscid= ... in my URL?

  • define('PHP_SESSION_NAME', 'osCsid');
  • tep_session_name('osCsid');

 

Also, I was wondering if it would be harder for h*ckers to find osc sites if the product_id / manufacturer_id / cPath names were unique? Is it just a case of changing the words inside '' here in application_top:

// calculate category path
if (isset($HTTP_GET_VARS['cPath'])) {
$cPath = $HTTP_GET_VARS['cPath'];
} elseif (isset($HTTP_GET_VARS['products_id']) && !isset($HTTP_GET_VARS['manufacturers_id'])) {
$cPath = tep_get_product_path($HTTP_GET_VARS['products_id']);
} else {
$cPath = '';
}

 

or would there be more to it than that?

 

I appreciate this would affect Search Engine indexing for a while but that's a price I may be willing to pay. Another potential tool against the w*nker h*ckers perhaps?

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

tep_session_name( 'osCsid' ) sets the session name if you used what you suggested instead of an osCsid you would have the standard PHP PHPSESSID.

 

My answer was incorrect:

 

PHPSESSID is only set ...

 

if (!function_exists('session_start')) {

Link to comment
Share on other sites

Interesting topic! But I don't understand the replies to this question:

 

You could change tep_session_name('osCsid'); to tep_session_name('aardwark'); if you so wished. Some contributions however look for the "osCsid" in order to strip it out so it is probably best left as is.

 

Also, I was wondering if it would be harder for h*ckers to find osc sites if the product_id / manufacturer_id / cPath names were unique? Is it just a case of changing the words inside '' here in application_top:

// calculate category path
if (isset($HTTP_GET_VARS['cPath'])) {
$cPath = $HTTP_GET_VARS['cPath'];
} elseif (isset($HTTP_GET_VARS['products_id']) && !isset($HTTP_GET_VARS['manufacturers_id'])) {
$cPath = tep_get_product_path($HTTP_GET_VARS['products_id']);
} else {
$cPath = '';
}

 

or would there be more to it than that?

 

I appreciate this would affect Search Engine indexing for a while but that's a price I may be willing to pay. Another potential tool against the w*nker h*ckers perhaps?

 

It is much more complex than that . .those keys are touched in a whole number of files.

 

Instead of worrying about who can find out you have an osCommerce shop you'd be better off protecting against what they can or can't do WHEN they find it imo.

Link to comment
Share on other sites

Interesting topic! But I don't understand the replies to this question:

 

I appreciate this would affect Search Engine indexing for a while but that's a price I may be willing to pay. Another potential tool against the w*nker h*ckers perhaps?

You're holding the wrong end of the stick. Take another look at the post by Ashley. Once your site is setup properly (your spiders file should be updated too), the session ID won't be present except for an initial click or two. If the site is setup properly, the session ID is a non-issue so spending a lot of time trying to rename it isn't doing you any good.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Thanks for the replies guys. I'll just leave as is. Of course best to have everything set-up well, I was just exploring the idea of making the osc site harder to find (for future holes that may arise) but I'm sure the h*ckers have better methods than following indexed links with those variables....

I'm sure there was logic in my thinking somewhere crying.gif

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...