
  1. I have a very heavily modified install of osC 2.2 MS2 - 060817. Recently I changed the entire shop to use HTTPS. To achieve this, I changed the two configure.php files - the one for the shop and the one for the administration section.

     The relevant part of the shop's configure.php is now:

         define('HTTP_SERVER', 'https://www.my*web*shop.nl'); // eg, http://localhost - should not be empty for productive servers
         define('HTTPS_SERVER', 'https://www.my*web*shop.nl'); // eg, https://localhost - should not be empty for productive servers
         define('ENABLE_SSL', true); // secure webserver for checkout procedure?
         define('HTTP_COOKIE_DOMAIN', 'www.my*web*shop.nl');
         define('HTTPS_COOKIE_DOMAIN', 'www.my*web*shop.nl');
         define('HTTP_COOKIE_PATH', '/');
         define('HTTPS_COOKIE_PATH', '/');
         (...)
         define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

     Administration > Configure > Sessions is this:

         Session Directory        /usr/local/sites/*******/tmp/
         Force Cookie Use         False
         Check SSL Session ID     False
         Check User Agent         False
         Check IP Address         False
         Prevent Spider Sessions  True
         Recreate Session         True

     Now a problem occurs. The osCsid stays in the URL all the time (not really recommended) and logging in is not possible. If I manually remove the osCsid variable from the URL I can log in, but obviously this is not something I can expect my customers to do.

     I found two possible solutions, by changing the settings in Configure > Sessions:

     1. Set the value for "Force Cookie Use" to TRUE. Now the osCsid simply never appears in the URL (is that good or bad?) and visitors must have cookies enabled (workable, but not perfect).

     or

     2. Set the value for "Recreate Session" to FALSE. The osCsid variable keeps on appearing in the URL on every click (not really good), but at least the visitor can log in.

     But these are not really the solutions I want. While the site was completely NON-SSL, the osCsid variable showed up only once in the URL, and disappeared on the next click. I do not force visitors to use cookies. And I recreate the session. That's how I like it to be.

     My question: Why is the behavior different when using SSL? Or rather: what should I do/change so that

     - visitors can log in
     - the osCsid variable appears only once in the URL
     - Force Cookie Use can be FALSE
     - Recreate Session can be TRUE

     just like it used to be when the shop was NONSSL.

     Or if I am asking something impossible, what are the (serious) downsides to Force Cookie Use : True and Recreate Session : False? For example, I read elsewhere on the forum some vague rumors that some payment processors need an osCsid or that not recreating the session could be a security issue.

     Btw, the shop is so heavily modified that a complete upgrade to osC 2.3.4 BS Edge or so is not an option.