Latest News: (loading..)

Archived

This topic is now archived and is closed to further replies.

mrlake

Lose Session Details Between http and https Page of the Catalog?

31 posts in this topic

PROBLEM: If I select an item, add it my cart, select checkout, then login, my shopping cart is empty.

 

MY GUESS: Maybe the session details are lost between the pages that use an HTTP server and the pages that use an HTTPS server.

 

SESSION SETTINGS (via admin tool)

Title Value // Action

Session Directory // /tmp

Force Cookie Use // False

Check SSL Session ID // False

Check User Agent // False

Check IP Address // False

Prevent Spider Sessions // True

Recreate Session // True

 

Suggestions?

Share this post


Link to post
Share on other sites

Are you saving your sessions in files or database?

 

Open /includes/configure.php

 

And on line 43 look at this code?

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

Change to

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

If that?s not it, can you post the url to your store?

 

Rergards,

Mark

Share this post


Link to post
Share on other sites
Are you saving your sessions in files or database?

 

Open /includes/configure.php

 

And on line 43 look at this code?

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

Change to

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

If that?s not it, can you post the url to your store?

 

Rergards,

Mark

Share this post


Link to post
Share on other sites

Thanks for your swift replies, Monica & Mark!

 

URL to my shopping cart: http://www.redmoonpress.com/catalog/

 

Monica -- I changed Recreate Session // True -> false and that seemed to fix the problem. Or at least one quick test transaction seemed to indicate that the problem is solved. I thought the Recreate Session parameter might be it, but I wanted to see what wiser heads had to say ;-)

 

Mark -- The value for "define('STORE_SESSIONS', 'mysql')" is indeed mysql. So I think I am OK there.

 

Thanks for your help.

 

Dave

Share this post


Link to post
Share on other sites

Spoke too soon :-(

 

I am still losing session information when I switch from http to https.

 

HTTP URL: http://www.redmoonpress.com/catalog

 

HTTPS URL: https://dprhensim57.doteasy.com/~admin14 (shared SSL)

 

Example of what I am seeing after making the corrections cited in previous posts:

 

1. Display Red Moon Press catalog. I do not log in.

I select Book 6. Description of this book displays.

 

2. Click Add to Cart. Book 6 is added to cart.

 

3. Click Continue Shopping. Go back to previous page.

 

4. Display more books. Select Book 4. Description of this book displays.

 

5. Click Add to Cart. Book 4 is added to cart. Both 4 & 6

are in the cart at this point.

 

6. Click Checkout. HTTPS server displays Sign In window. Shopping cart

appears empty. (Perhaps this is normal? at this point?)

 

7. Sign In. Shopping Cart is still empty (not correct). Also, Order History box shows a

different, previous, unsuccessful order under my login, an order for *Book 1* and Book 6.

 

8. Any time I click a button that takes me back o the HTTP server, I see

my shopping cart with Book 4 & 6 in it. Any time I click a button that

takes me to the HTTPS server, my shopping cart has zero items, but Order History

box shows old, unfortunate order.

 

Suggestions?

Share this post


Link to post
Share on other sites

Hi Monica,

 

I have not turned cookies on yet. Is this the info you requested?

 

Sessions

 

Title // Value

Session Directory// /tmp

Force Cookie Use // False

Check SSL Session ID // False

Check User Agent // False

Check IP Address // False

Prevent Spider Sessions // True

Recreate Session // False

Share this post


Link to post
Share on other sites

Sorry that I misspelled your name in my earlier posts, Monika.

 

And yes, I did make a mess of my cookiie parameters in configure.php. Note that I specified the http server in the https cookie domain:

 

define('HTTP_COOKIE_DOMAIN', 'www.redmoonpress.com');

define('HTTPS_COOKIE_DOMAIN', 'www.redmoonpress.com');

 

 

I will turn cookies on, correct above offense, and repost with results. Thanks again for your swift reply.

 

These look OK to me:

 

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

Share this post


Link to post
Share on other sites

force cookies should be set to false (in case you meant that by turning cookies on)

 

please show me the first parameters with the domain names for SSL ... yours are really not ok and I need those for correction.

Share this post


Link to post
Share on other sites

Here you go, Monika:

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.redmoonpress.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://dprhensim57.doteasy.com/~admin14'); // shared SSL server from ISP DotEasy

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.redmoonpress.com');

define('HTTPS_COOKIE_DOMAIN', 'https://dprhensim57.doteasy.com/~admin14');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

Share this post


Link to post
Share on other sites

aha, you already made a change .... still try

 

define('HTTP_SERVER', 'http://www.redmoonpress.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://dprhensim57.doteasy.com/~admin14'); // shared SSL server from ISP DotEasy

 

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 

define('HTTP_COOKIE_DOMAIN', '.redmoonpress.com');

define('HTTPS_COOKIE_DOMAIN', 'dprhensim57.doteasy.com/~admin14');

Share this post


Link to post
Share on other sites

Monika,

 

I made the changes. Here is what I have now for these two values:

 

define('HTTP_COOKIE_DOMAIN', 'redmoonpress.com');

define('HTTPS_COOKIE_DOMAIN', 'dprhensim57.doteasy.com/~admin14');

 

I just took an order almost to the point of payment, with the values above in place, and it seems to work. I am no longer seeing the behvavior I described.

 

Thanks again for your help ;-)

Share this post


Link to post
Share on other sites

great! I've seen even more success with the . in front of the cookie domain for stubborn sites, but if this works for you, leave as is.

Share this post


Link to post
Share on other sites

Hello! I'm having the same problem with SSL configuration. So when the customer wants to checkout his shopping cart is empty. Anytime we go from http to https we sole session information. I'm new in Oscommerce, and read almost thousand post on this theme and still doesn't work. So i'll be very appreciate for any help.

 

My config file.

 

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

if (($_SERVER["HTTP_HOST"] != "www.bikesbaltic.com") OR

($_SERVER["HTTP_HOST"] != "bikesbaltic.com")) {

define('HTTP_SERVER', 'http://'.$_SERVER["HTTP_HOST"]);

} else {

define('HTTP_SERVER', 'http://www.bikesbaltic.com'); // eg, http://localhost - should not be empty for productive servers

}

define('HTTPS_SERVER', 'https://www.bikesbaltic.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'bikesbaltic.com');

define('HTTPS_COOKIE_DOMAIN', 'bikesbaltic.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

 

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

 

 

Session Directory = /tmp

Force Cookie Use = False

Check SSL Session ID = False

Check User Agent = False

Check IP Address = False

Prevent Spider Sessions = True

Recreate Session = False

Share this post


Link to post
Share on other sites

For this:

 

  define('HTTPS_COOKIE_DOMAIN', 'bikesbaltic.com');

I'd try:

 

  define('HTTPS_COOKIE_DOMAIN', '.bikesbaltic.com');

or

 

  define('HTTPS_COOKIE_DOMAIN', 'www.bikesbaltic.com');

But you need to fix your SSL cert.

 

Both IE and Firefox on my machine produce glaring errors about the SSL cert. being "self signed" therefore untrustworthy.

 

That'll scare customers away faster than a herd of rampaging bull elephants...

:o

 

Purchase a SSL cert. from a reliable provider and install it.

:thumbsup:

Share this post


Link to post
Share on other sites

For this:

 

  define('HTTPS_COOKIE_DOMAIN', 'bikesbaltic.com');

I'd try:

 

  define('HTTPS_COOKIE_DOMAIN', '.bikesbaltic.com');

or

 

  define('HTTPS_COOKIE_DOMAIN', 'www.bikesbaltic.com');

But you need to fix your SSL cert.

 

 

Thank you for your reply. Neither of these variants helped. Any other suggestions?

 

And about the sertificate.. it is purchased, but still gives this mistake.

Share this post


Link to post
Share on other sites

Well the SSL seems fixed now. Neither of my browsers complain about it.

 

Unfortunately that's the only good news I have...

:blush:

 

Usually the cart dumps because session is lost.

 

In your case this isn't true.

 

I checked with Firefox Web Developer plugin and it has a cookie with the session ID in it on the HTTP side.

 

And the site makes a cookie with the exact same session ID in it on the HTTPS side.

 

Doesn't make sense to me.

:huh:

 

Must be bad coding in your template.

 

You are getting the infamous "usecure content" on the SSL pages using IE.

 

That's because of your "LV Tracker" code in the footer.

 

You can't load scripts or images from HTTP sources on HTTPS pages.

 

The easiest is to code it so it doesn't display on SSL pages.

 

Something like this:

 

<?php
 if ( $request_type == 'NONSSL' ) {
?>

******** DELETE THIS LINE AND PUT YOUR LV Tracker CODE HERE ********

<?php
 }
?>

Share this post


Link to post
Share on other sites

Hi! I'm having a similar problem. If I stay on a https page after logging in it remembers me. As soon as I go to a http page it forgets the entire session. I've already tried changing the config files as suggested. Help please!

Share this post


Link to post
Share on other sites

I've just checked the "whos_online" table and the session_id doesn't change, (the osCsid cookie in my browser is the same too), only full_name changes from the actual name to Guest. Somehow the site is automatically logging me off when I go to http?

Share this post


Link to post
Share on other sites

I can't help fix what I can't see.

 

I'll need the store URL, either posted on the forum or sent in a PM.

Share this post


Link to post
Share on other sites

Thanks germ. It's secure.imagemelbourne.com.au for both http and https. It's being migrated to a new server from the old address of www.imagemelbourne.com.au

Share this post


Link to post
Share on other sites

In the config file be sure you have this defined as below:

 

  define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

Currently the site isn't making any cookies.

 

For the cookie settings in the config file try these:

 

  define('HTTP_COOKIE_DOMAIN', '.secure.imagemelbourne.com.au');
 define('HTTPS_COOKIE_DOMAIN', '.secure.imagemelbourne.com.au');
 define('HTTP_COOKIE_PATH', '/store/catalog/');
 define('HTTPS_COOKIE_PATH', '/store/catalog/');

Or these:

 

  define('HTTP_COOKIE_DOMAIN', 'secure.imagemelbourne.com.au');
 define('HTTPS_COOKIE_DOMAIN', 'secure.imagemelbourne.com.au');
 define('HTTP_COOKIE_PATH', '/store/catalog/');
 define('HTTPS_COOKIE_PATH', '/store/catalog/');

Share this post


Link to post
Share on other sites

The config file is already set as per examples 1 & 3. I'll try #2 and see what happens. I am getting one cookie on my browser, osCid which is reflected in the "whos_online" user table.

Share this post


Link to post
Share on other sites