Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Getting rid of osCsid in URL


Noodles

Recommended Posts

Posted

Hi,

 

I've done a bit of a search on the forums, but haven't come up with anything. Is it possible to get rid of the osCsid parameter in the URL whilest keeping the functionallity of the site? I tried to turn it off by setting $add_session_id to false by default in the tep_href_link function, but then I couldn't add anything to my cart

 

Can anyone help?

 

Thanks

Posted

It should go away by itself after a few clicks provided you've got your config file set up correctly.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted

and how would one go about setting up their config file properly?

 

Is there a special variable I need to be setting?

 

I'm just wanting to start using mod_rewrite for the urls instead of .php?productID=29&osCsid=2098123019823091823

 

e.g. product29.html

Posted

MIke:

 

first of all you shouldnt use them at all. these are your session ids. what happens that when someone come sto the store, they get a sesison id oscid, etc.... if you want ur site to be search engine friendly take them out. why? because for example a google spider(googlebot - who crawls ur site to have u listed), when comes to the site and u have set up this way that everyone gets a sesison id, then this spider will get too. and when it will link ur site in google, it will get www.ursite.com?oscid=blablab..... now when some one clicks, they wont get anywhere as session expires....

 

 

do this>

go to admin>configuration>session

 

first thingis the directory.default is tmp. if not then remember the name...

go to ur site via ftp or locally and make that tmp folder writeable, executable (set permission to 777)

- then make all of the options set to false except prevent spider....(make that one true and recreate session....)

 

hope it helps.

Posted

i have tried all that you have suggested but am still seeind the oscid blahblah crap :(

 

edit -

this is what i have the settings as

whatimean.GIF

"because it'll hurt more"- the greatest film of all time?

Posted

This is a sample:

echo '<a href=' . tep_href_link(FILENAME_ADVANCED_SEARCH_RESULT,'keywords=' . $CriteriaWith . '&search_in_description=1', 'NONSSL', true, false),'>' . $produck_info[1] . '</a>' . tep_hide_session_id();

 

I use that in my own code, and so far work fine.

I try that based on this following code from advanced_search.php

<td width="100%" valign="top"><?php echo tep_draw_form('advanced_search', tep_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', 'NONSSL', False), 'get', 'onSubmit="return check_form(this);"') . tep_hide_session_id(); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">

 

Is this meet what you need?

This function just hide the session but not really get rid the session.

What will happened if we lost the session, a broken cart for sure... :huh:

[.:2s1000s12:.]

"Did I had the dream, or did the dream had me?"

Posted

so are you saying that i have to change it in loads of files?

"because it'll hurt more"- the greatest film of all time?

Posted

Hi billybrag,

 

The osCsid only appears if a cookie cannot be set - so check your cookie paths in the /includes/configure.php file carefully - if these are not correct then you will not set cookiw and osC will pass the session ID in the URL instead.

 

If you want to ensure that cookies are ALWAYS used (i.e. force users to turn on cookie support to use your store) then you can set the Force Cookie use setting to true.

 

If you are using a shared secure server then you will not escape the passing of the osCsid in the URL when moving from SSL to NON-SSL and vice versa - this is becuase the cookie domains are different and cannot be read one from another.

 

The lines you want to check in /includes/configure.php are:

 

define('HTTP_COOKIE_DOMAIN', 'yourhost.com');

define('HTTPS_COOKIE_DOMAIN', 'yourhost.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

 

See also the Install Guide

 

Hope this helps.

 

Cheers

Rob

Posted

this is what mine are set at,

 

is this correct?

 

 define('HTTP_COOKIE_DOMAIN', 'www.sharpsbooks.co.uk');
 define('HTTPS_COOKIE_DOMAIN', '');
 define('HTTP_COOKIE_PATH', 'www.sharpsbooks.co.uk');
 define('HTTPS_COOKIE_PATH', '');

"because it'll hurt more"- the greatest film of all time?

Posted

I found this of interest in the Knowledge Base:

Disabling Sessions

 

Sessions should be disabled for search engine spiders to prevent session ID's from being indexed which could cause a potential security and privacy issue when multiple customers share the same session ID that the search engine spider has indexed.

 

Sessions for search engine spiders can be disabled at the following section on the osCommerce Administration Tool:

 

osCommerce 2.2 Milestone 2

Administration Tool -> Configuration -> Sessions -> Prevent Spider Session

 

osCommerce 2.2 Milestone 3

Administration Tool -> Configuration -> Services -> Sessions -> Block Search Engine Spiders

 

If the above configuration parameters are set to True, search engine spiders existing in osCommerce/includes/spiders.txt will not be given a session ID.

 

The following contribution can be used for osCommerce 2.2 Milestone 1 and earlier versions which provides similar functionality:

 

SID Killer

Rule #1: Without exception, backup your database and files before making any changes to your files or database.

Rule #2: Make sure there are no exceptions to Rule #1.

Posted

cheers mike, i have this setting already set up though#

 

any other ideas?

"because it'll hurt more"- the greatest film of all time?

Posted

Beyond that I'm not sure.

 

But I wonder if anyone can confirm if that is effectively working on the bots.

 

Since it is only supposed ot block sessions for spiders, there is no way to be sure until it has been set long enough for some of the major ones to crawl it and index it in their search engine.

 

If it is working, you might still see session ids, but known spiders wouldn't start a session hence eliminating the main problem with session ids in urls.

Rule #1: Without exception, backup your database and files before making any changes to your files or database.

Rule #2: Make sure there are no exceptions to Rule #1.

Posted

Mike,

 

No, it should look like this in your case:

 

?define('HTTP_COOKIE_DOMAIN', 'www.sharpsbooks.co.uk');

?define('HTTPS_COOKIE_DOMAIN', '');

?define('HTTP_COOKIE_PATH', '/');

?define('HTTPS_COOKIE_PATH', '');

 

You do not have a secure server defined, so presume you have also set:

 

define('ENABLE_SSL', false);

 

Cheers

Rob

Posted
http://www.summitmedia.co.uk/Marketing/index.htm

 

change your settings then go here and whack your domain name on it will give you a report on your site as if a search engine spider would see it

 

Its a spider simulator

Thanks for that link. It was very enlightening.

 

I ran their report, then checked my logs to get the name of their spider. I added it to spiders.txt and ran the report again. The spider still opened a session and the session id showed in the results.

 

<scratching head>

Yikes!

</scratching head>

Rule #1: Without exception, backup your database and files before making any changes to your files or database.

Rule #2: Make sure there are no exceptions to Rule #1.

Posted

I am also using SEO sitemap contribution, makes the bots only see html pages, but when clicked on the return back to your php pages from the search engine, this is an excellent mod for search engines, mysite was getting a score of less than 50% on most pages now all pages have 92-94% looking foward to googles next trip around my site, with over a hundred products that will be over a hundred instant links :D

Its not a computer its a life management system!

Posted

i have the same problem, with that simulator, it stilled showed the oscid's

"because it'll hurt more"- the greatest film of all time?

Posted
i have the same problem, with that simulator, it stilled showed the oscid's

You have to fix your configure.php first...

Posted

Well, my cookie configuration is exactly right, and I have the admin setting to block sessions for known spiders and I added the summit spider to the list. Yet still their spider opens sessions and records the id.

Rule #1: Without exception, backup your database and files before making any changes to your files or database.

Rule #2: Make sure there are no exceptions to Rule #1.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...