Jump to content



Photo
- - - - -

Lose Session Details Between http and https Page of the Catalog?


This topic has been archived. This means that you cannot reply to this topic.
30 replies to this topic

#1   mrlake

mrlake
  • Members
  • 51 posts

Posted 30 October 2006 - 05:57

PROBLEM: If I select an item, add it my cart, select checkout, then login, my shopping cart is empty.

MY GUESS: Maybe the session details are lost between the pages that use an HTTP server and the pages that use an HTTPS server.

SESSION SETTINGS (via admin tool)
Title Value // Action
Session Directory // /tmp
Force Cookie Use // False
Check SSL Session ID // False
Check User Agent // False
Check IP Address // False
Prevent Spider Sessions // True
Recreate Session // True

Suggestions?

#2   njtermite

njtermite
  • Members
  • 90 posts

Posted 30 October 2006 - 06:19

Are you saving your sessions in files or database?

Open /includes/configure.php

And on line 43 look at this code…
define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

Change to
define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

If that’s not it, can you post the url to your store?

Rergards,
Mark

#3   Monika in Germany

Monika in Germany
  • Members
  • 4,903 posts

Posted 30 October 2006 - 08:05

try to set Recreate Session // True -> false

are your session parameters in the config file ok?
:-)
Monika

addicted to writing code ... can't get enough of databases either, LOL!

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

Interactive Media Award July 2007 ~ category E-Commerce
my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

#4   mrlake

mrlake
  • Members
  • 51 posts

Posted 30 October 2006 - 21:03

Are you saving your sessions in files or database?

Open /includes/configure.php

And on line 43 look at this code…

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

Change to
define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

If that’s not it, can you post the url to your store?

Rergards,
Mark



#5   mrlake

mrlake
  • Members
  • 51 posts

Posted 30 October 2006 - 21:28

Thanks for your swift replies, Monica & Mark!

URL to my shopping cart: http://www.redmoonpress.com/catalog/

Monica -- I changed Recreate Session // True -> false and that seemed to fix the problem. Or at least one quick test transaction seemed to indicate that the problem is solved. I thought the Recreate Session parameter might be it, but I wanted to see what wiser heads had to say ;-)

Mark -- The value for "define('STORE_SESSIONS', 'mysql')" is indeed mysql. So I think I am OK there.

Thanks for your help.

Dave

#6   mrlake

mrlake
  • Members
  • 51 posts

Posted 31 October 2006 - 03:44

Spoke too soon :-(

I am still losing session information when I switch from http to https.

HTTP URL: http://www.redmoonpress.com/catalog

HTTPS URL: https://dprhensim57....sy.com/~admin14 (shared SSL)

Example of what I am seeing after making the corrections cited in previous posts:

1. Display Red Moon Press catalog. I do not log in.
I select Book 6. Description of this book displays.

2. Click Add to Cart. Book 6 is added to cart.

3. Click Continue Shopping. Go back to previous page.

4. Display more books. Select Book 4. Description of this book displays.

5. Click Add to Cart. Book 4 is added to cart. Both 4 & 6
are in the cart at this point.

6. Click Checkout. HTTPS server displays Sign In window. Shopping cart
appears empty. (Perhaps this is normal? at this point?)

7. Sign In. Shopping Cart is still empty (not correct). Also, Order History box shows a
different, previous, unsuccessful order under my login, an order for *Book 1* and Book 6.

8. Any time I click a button that takes me back o the HTTP server, I see
my shopping cart with Book 4 & 6 in it. Any time I click a button that
takes me to the HTTPS server, my shopping cart has zero items, but Order History
box shows old, unfortunate order.

Suggestions?

#7   Monika in Germany

Monika in Germany
  • Members
  • 4,903 posts

Posted 31 October 2006 - 10:59

Dave, post your cookie parameters from your config file. They may be a mess ;-)
:-)
Monika

addicted to writing code ... can't get enough of databases either, LOL!

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

Interactive Media Award July 2007 ~ category E-Commerce
my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

#8   mrlake

mrlake
  • Members
  • 51 posts

Posted 31 October 2006 - 11:11

Hi Monica,

I have not turned cookies on yet. Is this the info you requested?

Sessions

Title // Value
Session Directory// /tmp
Force Cookie Use // False
Check SSL Session ID // False
Check User Agent // False
Check IP Address // False
Prevent Spider Sessions // True
Recreate Session // False

#9   mrlake

mrlake
  • Members
  • 51 posts

Posted 31 October 2006 - 11:18

Sorry that I misspelled your name in my earlier posts, Monika.

And yes, I did make a mess of my cookiie parameters in configure.php. Note that I specified the http server in the https cookie domain:

define('HTTP_COOKIE_DOMAIN', 'www.redmoonpress.com');
define('HTTPS_COOKIE_DOMAIN', 'www.redmoonpress.com');


I will turn cookies on, correct above offense, and repost with results. Thanks again for your swift reply.

These look OK to me:

define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');

#10   Monika in Germany

Monika in Germany
  • Members
  • 4,903 posts

Posted 31 October 2006 - 11:25

force cookies should be set to false (in case you meant that by turning cookies on)

please show me the first parameters with the domain names for SSL ... yours are really not ok and I need those for correction.
:-)
Monika

addicted to writing code ... can't get enough of databases either, LOL!

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

Interactive Media Award July 2007 ~ category E-Commerce
my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

#11   mrlake

mrlake
  • Members
  • 51 posts

Posted 31 October 2006 - 11:56

Here you go, Monika:

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.redmoonpress.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://dprhensim57....sy.com/~admin14'); // shared SSL server from ISP DotEasy
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.redmoonpress.com');
define('HTTPS_COOKIE_DOMAIN', 'https://dprhensim57....sy.com/~admin14');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');

#12   Monika in Germany

Monika in Germany
  • Members
  • 4,903 posts

Posted 31 October 2006 - 12:15

aha, you already made a change .... still try

define('HTTP_SERVER', 'http://www.redmoonpress.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://dprhensim57....sy.com/~admin14'); // shared SSL server from ISP DotEasy

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '.redmoonpress.com');
define('HTTPS_COOKIE_DOMAIN', 'dprhensim57.doteasy.com/~admin14');
:-)
Monika

addicted to writing code ... can't get enough of databases either, LOL!

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

Interactive Media Award July 2007 ~ category E-Commerce
my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

#13   mrlake

mrlake
  • Members
  • 51 posts

Posted 31 October 2006 - 12:30

Monika,

I made the changes. Here is what I have now for these two values:

define('HTTP_COOKIE_DOMAIN', 'redmoonpress.com');
define('HTTPS_COOKIE_DOMAIN', 'dprhensim57.doteasy.com/~admin14');

I just took an order almost to the point of payment, with the values above in place, and it seems to work. I am no longer seeing the behvavior I described.

Thanks again for your help ;-)

#14   Monika in Germany

Monika in Germany
  • Members
  • 4,903 posts

Posted 31 October 2006 - 12:41

great! I've seen even more success with the . in front of the cookie domain for stubborn sites, but if this works for you, leave as is.
:-)
Monika

addicted to writing code ... can't get enough of databases either, LOL!

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

Interactive Media Award July 2007 ~ category E-Commerce
my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

#15   mrlake

mrlake
  • Members
  • 51 posts

Posted 31 October 2006 - 13:04

OK, I will make that final change ;-)

#16   Tigrish

Tigrish
  • Members
  • 2 posts

Posted 02 June 2011 - 04:54

Hello! I'm having the same problem with SSL configuration. So when the customer wants to checkout his shopping cart is empty. Anytime we go from http to https we sole session information. I'm new in Oscommerce, and read almost thousand post on this theme and still doesn't work. So i'll be very appreciate for any help.

My config file.


// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
if (($_SERVER["HTTP_HOST"] != "www.bikesbaltic.com") OR
($_SERVER["HTTP_HOST"] != "bikesbaltic.com")) {
define('HTTP_SERVER', 'http://'.$_SERVER["HTTP_HOST"]);
} else {
define('HTTP_SERVER', 'http://www.bikesbaltic.com'); // eg, http://localhost - should not be empty for productive servers
}
define('HTTPS_SERVER', 'https://www.bikesbaltic.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'bikesbaltic.com');
define('HTTPS_COOKIE_DOMAIN', 'bikesbaltic.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'



Session Directory = /tmp
Force Cookie Use = False
Check SSL Session ID = False
Check User Agent = False
Check IP Address = False
Prevent Spider Sessions = True
Recreate Session = False

#17   germ

germ
  • Members
  • 13,921 posts

Posted 04 June 2011 - 14:50

For this:

define('HTTPS_COOKIE_DOMAIN', 'bikesbaltic.com');
I'd try:

define('HTTPS_COOKIE_DOMAIN', '.bikesbaltic.com');
or

define('HTTPS_COOKIE_DOMAIN', 'www.bikesbaltic.com');
But you need to fix your SSL cert.

Both IE and Firefox on my machine produce glaring errors about the SSL cert. being "self signed" therefore untrustworthy.

That'll scare customers away faster than a herd of rampaging bull elephants...
/ohmy.gif' class='bbc_emoticon' alt=':o' />

Purchase a SSL cert. from a reliable provider and install it.
/thumbsup.gif' class='bbc_emoticon' alt=':thumbsup:' />
If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."
- Me -

"Headers already sent" - The definitive help

"Cannot redeclare ..." - How to find/fix it

SSL Implementation Help

Like this post? "Like" it again over there >

#18   Tigrish

Tigrish
  • Members
  • 2 posts

Posted 06 June 2011 - 13:18

For this:

define('HTTPS_COOKIE_DOMAIN', 'bikesbaltic.com');
I'd try:

define('HTTPS_COOKIE_DOMAIN', '.bikesbaltic.com');
or

define('HTTPS_COOKIE_DOMAIN', 'www.bikesbaltic.com');
But you need to fix your SSL cert.



Thank you for your reply. Neither of these variants helped. Any other suggestions?

And about the sertificate.. it is purchased, but still gives this mistake.

#19   germ

germ
  • Members
  • 13,921 posts

Posted 06 June 2011 - 23:00

Well the SSL seems fixed now. Neither of my browsers complain about it.

Unfortunately that's the only good news I have...
/blush.gif' class='bbc_emoticon' alt=':blush:' />

Usually the cart dumps because session is lost.

In your case this isn't true.

I checked with Firefox Web Developer plugin and it has a cookie with the session ID in it on the HTTP side.

And the site makes a cookie with the exact same session ID in it on the HTTPS side.

Doesn't make sense to me.
/huh.gif' class='bbc_emoticon' alt=':huh:' />

Must be bad coding in your template.

You are getting the infamous "usecure content" on the SSL pages using IE.

That's because of your "LV Tracker" code in the footer.

You can't load scripts or images from HTTP sources on HTTPS pages.

The easiest is to code it so it doesn't display on SSL pages.

Something like this:

<?php
  if ( $request_type == 'NONSSL' ) {
?>

******** DELETE THIS LINE AND PUT YOUR LV Tracker CODE HERE ********

<?php
  }
?>

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."
- Me -

"Headers already sent" - The definitive help

"Cannot redeclare ..." - How to find/fix it

SSL Implementation Help

Like this post? "Like" it again over there >

#20   CJ Dennis

CJ Dennis
  • Members
  • 10 posts

Posted 12 August 2011 - 11:45

Hi! I'm having a similar problem. If I stay on a https page after logging in it remembers me. As soon as I go to a http page it forgets the entire session. I've already tried changing the config files as suggested. Help please!