Latest News: (loading..)

Demitry

Members
  • Content count

    162
  • Joined

  • Last visited

  • Days Won

    5

Demitry last won the day on December 10

Demitry had the most liked content!

About Demitry

Profile Information

  • Real Name
    Demitry
  • Gender
    Male
  • Location
    Seminole, FL
  • Website

Recent Profile Visitors

5,439 profile views

Single Status Update

See all updates by Demitry

  1. strange! i moved with my bootstrapped oscommerce to a new server (debian9, php7, mariadb) and mysql session timeout does not work again. even with the modifications from your addon. but only in admin. catalog user sessions timout as expected. any idea where to look?

    Regards,

    Stephan

    1. Show previous comments  3 more
    2. Demitry

      Demitry

      In theory, it should work fine. I mean the only thing that admin panel session time entry is doing is being stored in the database table to be applied to the conditional statement in /admin/includes/functions/sessions.php to evaluate the time passed since the last page load.

      And, it's the exact same script for the catalog side.

      Let me know if you find out. I'm semi-technical and not that great with sessions. I'd be curious to know. Thanks.

    3. Stephan Gebbers

      Stephan Gebbers

      good to waste some time :/

      so, after forever trying to find whats wrong, i took a closer look into the application_top and login.php

      check that. 

      application_top.php

      // try to automatically login with the HTTP Authentication values if it exists
            if (!tep_session_is_registered('auth_ignore')) {
              if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && !empty($_SERVER['PHP_AUTH_PW'])) {
                $redirect_origin['auth_user'] = $_SERVER['PHP_AUTH_USER'];
                $redirect_origin['auth_pw'] = $_SERVER['PHP_AUTH_PW'];
              }
            }

      and login.php

              if (tep_session_is_registered('redirect_origin') && isset($redirect_origin['auth_user']) && !isset($HTTP_POST_VARS['username'])) {
                $username = tep_db_prepare_input($redirect_origin['auth_user']);
                $password = tep_db_prepare_input($redirect_origin['auth_pw']);
              } else {
                $username = tep_db_prepare_input($HTTP_POST_VARS['username']);
                $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
              }

      so, it is made by design not to expire when you use htaccess/htpassword function build in with administrators manager within oscommerce. you are getting logged in again and again until you press logoff or restart your browser where you would have to login by httpauth again.

      good to know :/ so now, without the build in htaccess/htpasswd function it works as expected. the session runs out and i have to relogin. 

      but one question lasts.. why did it not work as supposed to on my old server? :D

    4. Demitry

      Demitry

      yeah, that's good to know, ...I have not set up the htpassword protection on the new BS Edge development site for the admin login yet. So, I did not test that piece of it with the modified contribution, though I thought it should not make a difference.

      I'm not sure as to why it did not work on the other server. 

      I'll try and test it on my set-up at some point. Thank you for the follow-up.

      Demitry