30 replies to this topic

[CJ Dennis]

I've just checked the "whos_online" table and the session_id doesn't change, (the osCsid cookie in my browser is the same too), only full_name changes from the actual name to Guest. Somehow the site is automatically logging me off when I go to http?

[germ]

I can't help fix what I can't see.

I'll need the store URL, either posted on the forum or sent in a PM.

[CJ Dennis]

Thanks germ. It's secure.imagemelbourne.com.au for both http and https. It's being migrated to a new server from the old address of www.imagemelbourne.com.au

[germ]

In the config file be sure you have this defined as below:

  define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

Currently the site isn't making any cookies.

For the cookie settings in the config file try these:

  define('HTTP_COOKIE_DOMAIN', '.secure.imagemelbourne.com.au');
  define('HTTPS_COOKIE_DOMAIN', '.secure.imagemelbourne.com.au');
  define('HTTP_COOKIE_PATH', '/store/catalog/');
  define('HTTPS_COOKIE_PATH', '/store/catalog/');

Or these:

  define('HTTP_COOKIE_DOMAIN', 'secure.imagemelbourne.com.au');
  define('HTTPS_COOKIE_DOMAIN', 'secure.imagemelbourne.com.au');
  define('HTTP_COOKIE_PATH', '/store/catalog/');
  define('HTTPS_COOKIE_PATH', '/store/catalog/');

[CJ Dennis]

The config file is already set as per examples 1 & 3. I'll try #2 and see what happens. I am getting one cookie on my browser, osCid which is reflected in the "whos_online" user table.

[CJ Dennis]

Adding the dot before the cookie domains had no effect, either positive or negative. I just noticed, however, that the old site only uses the osCsid in the address, it doesn't ever set it as a cookie. I'll settle for that at the moment if I can get that working.

[smiler99]

hi Germ,

I am having a similar but slightly wierd problem

i can add an item to my cart, goto basket which shows the item,continue to checkout, login and continue to shipping etc. no problems (ie 8)

a colleague adds an item to cart, goes to checkout, logs in but cart then shows empty, if they go back to a non ssl page then the item shows back in cart ? they also use IE but not sure which version

the issue is that i dont know how many users can / cant get to checout and therefore dont know how many sales im losing, we do get visitors with baskets and no sale but that would happen anyway. Do you have any suggestions.

config is set to

define('HTTP_SERVER', 'http://www.fireplace2u.co.uk');
define('HTTPS_SERVER', 'https://www.fireplace2u.co.uk');
define('ENABLE_SSL', 'true');
define('HTTP_COOKIE_DOMAIN', '.fireplace2u.co.uk');
define('HTTPS_COOKIE_DOMAIN', '.fireplace2u.co.uk');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');


session admin is set to

Session Directory /tmp/
Force Cookie Use False
Check SSL Session ID True
Check User Agent False
Check IP Address False
Prevent Spider Sessions True
Recreate Session True
Session Lifetime 60

many thanks

[germ]

The site works for me and my browsers (IE7 and FF3.0)

You could try setting "Force Cookie Use" to true and changing the cookie domains to:

  define('HTTP_COOKIE_DOMAIN', 'www.fireplace2u.co.uk');
  define('HTTPS_COOKIE_DOMAIN', 'www.fireplace2u.co.uk');

If that doesn't help I don't have a clue.

[smiler99]

germ, on 17 August 2011, 21:04, said:

The site works for me and my browsers (IE7 and FF3.0)

You could try setting "Force Cookie Use" to true and changing the cookie domains to:

  define('HTTP_COOKIE_DOMAIN', 'www.fireplace2u.co.uk');
  define('HTTPS_COOKIE_DOMAIN', 'www.fireplace2u.co.uk');

If that doesn't help I don't have a clue.

Germ, thanks for trying, further information if this helps

when i try i retain OSCSID as a value in the url (this only happens when moving through secure pages) - not sure i this is the same for you

when my colleague tries they lose the oscsid

to also add i have set recreate session to false, i continue to work ok, but y colleague still loses his cart

my configure.php files are ok and checked against every other post regarding this issue, which seems to fx the issue for most people

i hate being beat!, i will continue to investigate, however as i am sure you are aware it is extremely difficult to fix a problem that i cant replicate..

chris.

[CJ Dennis]

Adding to smiler99's post, is there a way to set osCommerce to use cookies instead of the osCsid in the address? How about sharing cookies across http and https for the same domain? For the moment the only way I can get the site working is to set the config file as follows:

define('HTTP_SERVER', 'https://secure.imagemelbourne.com.au'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://secure.imagemelbourne.com.au'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'secure.imagemelbourne.com.au');
define('HTTPS_COOKIE_DOMAIN', '');
define('HTTP_COOKIE_PATH', '/store/catalog/');
define('HTTPS_COOKIE_PATH', '/store/catalog/');
define('DIR_WS_HTTP_CATALOG', '/store/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/store/catalog/');

Note that I have set both

HTTP_SERVER

and

HTTPS_SERVER

to https.

[germ]

It IS supposed to use the cookie.

If the changes I suggested afew posts ago don't work I don't know what else to change.

Having the store HTTPS all the time really isn't considered a very good idea.