Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Session Lost in Admin Forms


Guest

Recommended Posts

I just moved my osCommerce MS2 site from a Unix to a Windows server. Everything works great except...

 

In Admin when I use the nice "Search:" box, e.g. in Customers or Orders, I get kicked back out to the login page. I can see that the osCAdminID session in the url has changed, so somehow I'm losing the session and being redirected to the login.

 

What's the deal? In includes/configure.php I've got the STORE_SESSIONS set to mysql.

Link to comment
Share on other sites

I'm not sure if this will help, but I had the same kind of problem last week and it turns out that it was started when I change a setting in the Configuration | Sessions area of the Admin pages. The setting that made a difference was "Check IP Address", when I set it to true I would get kicked out to the login page when I tried to confirm an order.

 

HTH

 

Joey

Link to comment
Share on other sites

I've got that set to FALSE. That doesn't appear to be the issue.

 

This also occurs whenever I use the dropdown navigation in the Catalog section. So any form component will set it off.

Link to comment
Share on other sites

I keep looking into this. I've figured out that this happens whenever a form submits to the same page... this doesn't happen in the catalog because none of the forms submit information to the same page (I think). But in the Admin lots of forms do... the search boxes, nav menus, etc.

 

Can anyone help with this? Is there something in catalog/includes/application.top that is missing the session if the form refers to its own page?

Link to comment
Share on other sites

I figured out that this problem is generated by the Administration Access with Levels contribution. When I disabled the contribution it began to work again.

Link to comment
Share on other sites

infact this happens also in the catalog. Same issue here, submitting to the same form (eg. the category/manufacturer filter). I've also installed the admin with levels contrib and experience the same probs there too. For instance, in the edit_orders.php I had to hardcode this :

<form action='$PHP_SELF?oID=$oID&action=$action' method='POST'>

into this (bold part added manually):

<form action='$PHP_SELF?osCAdminID=" . tep_session_id($sessid) . "&oID=$oID&action=$action' method='POST'>

in order for it to work. But each time the tep_draw_form function is used I have no idea where to look. So instead of having to modify all the code, there must be a way to get around with this. Does anybody know the fix please?

Link to comment
Share on other sites

ok, found a simple and much better solution to my own problem. Whenever the form submits to itself, include a hidden field for the oscadminid like this:

 

tep_draw_hidden_field('osCAdminID', tep_session_id($sessid))

 

The parameter will be added to the url, a normal form procedure, it's that simple ofcourse.

 

James, let me know if this solves your problem too.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...