♥Vger Posted December 22, 2006 Share Posted December 22, 2006 Experienced users will know that osCommerce, even without 'Force Cookie Use' will stop displaying the osCommerce session id within one or two clicks of landing on a website - but this period is enough time for a Search Engine to generate a session id, unless it is listed in includes/spiders.txt and 'Prevent Spider Sessions' is set to 'true' in osCommerce admin. This tip is a workaround for that. Unfortunately, like Force Cookie Use it won't work with a shared ssl - which would have yielded the greatest benefits to people. However, it has been tested online and offline on the latest version of osCommerce using no SSL and full SSL. Agh! But experienced users will say "If we use no SSL or full SSL then we can turn on Force Cookie Use and get rid of the session id that way - so what use is this?". The answer is that not everyone will want to turn on Force Cookie Use because it will cost them a few customers here and there. Okay, that's the reasoning, so what's the fix? If your site is hosted on an Apache server with Mod Rewrite enabled you should be able to install Chemo's "Ultimate SEO URL's" contribution. With one minor edit, to one file, this will allow you to remove the session id from the address bar. In the modification for Ultimate SEO URL's to includes/functions/html_output.php you'll find this piece of code: $add_session_id = true and you change it to: $add_session_id = false The session id does appear in the sessions table in the database, but not in the page address. Remember, if tempted to use this. 1. It doesn't work with shared SSL! 2. It doesn't work on Windows servers (because Ultimate SEO URL's doesn't work on Windows servers) 3. Apache servers must have Mod Rewrite enabled 4. You must, of course, install Ultimate SEO URL's, with the minor code alteration Vger Link to comment Share on other sites More sharing options...
rumi Posted January 4, 2007 Share Posted January 4, 2007 Hi Vger, I just installed Ultimate SEO urls v21da and get this message when I go to my store: Fatal error: Call to a member function on a non-object in /var/www/html/includes/header.php on line 14 Any thoughts. Thanks Link to comment Share on other sites More sharing options...
♥Vger Posted January 4, 2007 Author Share Posted January 4, 2007 You haven't installed Ultimate SEO URL's correctly, or else you are on a Windows server. Vger Link to comment Share on other sites More sharing options...
rumi Posted January 4, 2007 Share Posted January 4, 2007 Hi Again, Another problem: when in Admin, after clicking on "Categories: I get this message-- 1054 - Unknown column 'cd.categories_seo_url' in 'field list' select c.categories_id, cd.categories_name, cd.categories_seo_url, c.categories_image, c.parent_id, c.sort_order, c.date_added, c.last_modified from categories c, categories_description cd where c.parent_id = '0' and c.categories_id = cd.categories_id and cd.language_id = '1' order by c.sort_order, cd.categories_name I forgot to mention that I have STSv4.3.3 on a new install of osc 2.2MS2 Thank You Link to comment Share on other sites More sharing options...
rumi Posted January 4, 2007 Share Posted January 4, 2007 Sorry, I didnt see your last post before I posted again. I am on Apache + MOD with a full SSL. I suspect I need to make some additions to the SQL Database? Hope you had a nice Holiday. Link to comment Share on other sites More sharing options...
rumi Posted January 4, 2007 Share Posted January 4, 2007 I went in to Admin>Configurations and SEO URLs in there. There are alot of settings set already. The only change I made was enableing the cPath from False to True. So that Im not bothering you, do you know of a support thread where no doubt these questions have already been addressed? Marion Link to comment Share on other sites More sharing options...
♥Vger Posted January 4, 2007 Author Share Posted January 4, 2007 Ultimate SEO URL's installs itself as soon as the site is launched following the install. However, it rewrites 'on the fly' so makes no change to the database and for this reason you shouldn't be getting the error you are getting. Back to my earlier point - it looks as though you haven't installed it correctly. Unfortunately the person who wrote this great contribution is banned from the forums. There may be an official support thread for it but as to who would be responsible now for answering questions on it I don't know. Vger Link to comment Share on other sites More sharing options...
rumi Posted January 5, 2007 Share Posted January 5, 2007 Im considering un-installing it. But first I will post a topic to see if I can get some advice concerning the header.php error. Since I overwrote some files, I wonder if I have to un-install all of osc? Please No Link to comment Share on other sites More sharing options...
reflous Posted January 5, 2007 Share Posted January 5, 2007 Vger, search engines have definitely picked up my osCid and I'd like to get rid of it. However, I don't really understand what this mod does. I see from the code that the session id will no longer be appended to the $link (url) but what are the implications of this? How does the session id get properly carried forward for users if this is turned off? Thanks! Link to comment Share on other sites More sharing options...
reflous Posted January 5, 2007 Share Posted January 5, 2007 Vger, search engines have definitely picked up my osCid and I'd like to get rid of it. However, I don't really understand what this mod does. I see from the code that the session id will no longer be appended to the $link (url) but what are the implications of this? How does the session id get properly carried forward for users if this is turned off? Sorry, just to add to this. I disabled cookies and set all instances of $add_session_id to false and then oscommerce stops working. You can't add products to the shopping cart anymore. Did I do something wrong, or is this just a mod to force the use of cookies? Link to comment Share on other sites More sharing options...
♥Vger Posted January 5, 2007 Author Share Posted January 5, 2007 Sorry - I made a mistake. I thought this mod just removed the session id from the address bar - but what it is actually doing is removing it completely and so forcing cookie use via another method. Back to the drawing board! Vger Link to comment Share on other sites More sharing options...
BugReport Posted January 5, 2007 Share Posted January 5, 2007 Vger, search engines have definitely picked up my osCid and I'd like to get rid of it. However, I don't really understand what this mod does. I see from the code that the session id will no longer be appended to the $link (url) but what are the implications of this? How does the session id get properly carried forward for users if this is turned off? Thanks! How to remove session ID appended URLs from the search engine index Link to comment Share on other sites More sharing options...
♥Vger Posted January 5, 2007 Author Share Posted January 5, 2007 Nice one! Rhea Link to comment Share on other sites More sharing options...
tabathasiren Posted October 27, 2007 Share Posted October 27, 2007 worked like a charm:) Just the nugget I was looking for.. Link to comment Share on other sites More sharing options...
Guest Posted October 30, 2007 Share Posted October 30, 2007 Sorry - I made a mistake. I thought this mod just removed the session id from the address bar - but what it is actually doing is removing it completely and so forcing cookie use via another method. Back to the drawing board! Vger Rhea Have you managed to come up with a solution , I have ultimate seo url's installed, but need to get rid of the oscsid. Link to comment Share on other sites More sharing options...
Guest Posted January 6, 2008 Share Posted January 6, 2008 Rhea Have you managed to come up with a solution , I have ultimate seo url's installed, but need to get rid of the oscsid. Has anyone tried this: Session Start Mod Link to comment Share on other sites More sharing options...
eitai2001 Posted June 9, 2008 Share Posted June 9, 2008 Hi guys. I found something that seemed to work perfectly for me, and now I don't see the oscID unless cookies are disabled in my browser. Here is the post I found that helped me out: Right guys, Not 100% up to speed on this yet but after reaching 99% I did do a couple of celebratory laps of the sitting room!! Yes, the sitting room is where I get most of the proper work done - I spent all day at the shop just sorting out orders, replying to probably dead end e-mails and the rest of the standard shop work!! How I am ever going to compete with Amazon I will never know! Still the major breakthrough has been made, only one potential problem left which I will mention at the end. Ok, Sessions..... It would appear to me that a very large number of users do not have OScommerce configured correctly (Including myself). I assumed that every user was issued a (visible) session ID. All the OScommerce sites I had visited, and that is a lot of sites since I have been working on mine, have issued me with a session ID in the URL. Now, this does not need to happen so long as cookies are enabled on the users browser. The 2.2 ms version of OScommerce (dont know about previous versions) is very clever.... Once a new customer visits your site, OSc will try to reply to the customer with cookies enabled, if it does not recieve the response it wants, ie cookies are disabled, then and only then will it assign the user a session ID. This make sense so far? It took me some bl**dy working out. Now, knowing that generally speaking sessions are a bad idea security wise for your site/customers (they are open to abuse if another user can access the same open session), OSc will use cookies when it can. You know it is using cookies when the URL does not contain a reet big long OSCid number. So, what are the correct settings for your config file, I hear you ask! Well, mine is now, define('HTTP_SERVER', 'http://www.mydomain.co.uk'); // eg, <http://localhost> - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.mydomain.co.uk'); // eg, <https://localhost> - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'mydomain.co.uk'); define('HTTPS_COOKIE_DOMAIN', 'mydomain.co.uk'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); And all appears well. I would say things get a little more confusing if you are on a shared SSL but if anyones interested I could probably find and post the answers here later (when I get a spare five minutes!) OK, so to summarise so far, if, in your admin you have FORCE COOKIE USE set to FALSE, any users with cookies enabled should see a nice short URL and if the customer has cookies disabled they will see a chuffing great long URL with a session id tagged on the end. So going back to my original post about how to set up the SESSIONS in admin, I guess its better to not set FORCE COOKIE USE to true, as this will certainly prevent AOL users, amongst others from accessing your shop (Cheers Rhea for that pointer). Everything I have read indicates that PREVENT SPIDER SESSIONS must be set to TRUE as a matter of security. As far as the rest of the settings go, not sure yet!! Will try and do a bit more reading. If I am going over old ground for you experienced hands, please put me out of my misery and save me a bit of time by letting me know the best set up! Right, after creating the worlds longest post tonight I think I am going to clear off to bed - The only thing left to explain is why I have not implemented these new settings on my site. Well, it all boils down to my old friend the HSBC secure e-payments!! I have hard coded (I think thats the correct techie term) a session id into the return post from the HSBC site, Doh!! It was the only way I could get it working at the time. Now, how this is going to be affected by using cookies I am not quite sure and am certainly not prepared to think about or try to change after a half a bottle of Johnny Walker - Thats a job for another day (when I get another spare five minutes). Cheers for now. Richard. Regards Itai Link to comment Share on other sites More sharing options...
AshishMakwana Posted July 3, 2008 Share Posted July 3, 2008 Experienced users will know that osCommerce, even without 'Force Cookie Use' will stop displaying the osCommerce session id within one or two clicks of landing on a website - but this period is enough time for a Search Engine to generate a session id, unless it is listed in includes/spiders.txt and 'Prevent Spider Sessions' is set to 'true' in osCommerce admin. This tip is a workaround for that. Unfortunately, like Force Cookie Use it won't work with a shared ssl - which would have yielded the greatest benefits to people. However, it has been tested online and offline on the latest version of osCommerce using no SSL and full SSL. Agh! But experienced users will say "If we use no SSL or full SSL then we can turn on Force Cookie Use and get rid of the session id that way - so what use is this?". The answer is that not everyone will want to turn on Force Cookie Use because it will cost them a few customers here and there. Okay, that's the reasoning, so what's the fix? If your site is hosted on an Apache server with Mod Rewrite enabled you should be able to install Chemo's "Ultimate SEO URL's" contribution. With one minor edit, to one file, this will allow you to remove the session id from the address bar. In the modification for Ultimate SEO URL's to includes/functions/html_output.php you'll find this piece of code: $add_session_id = true and you change it to: $add_session_id = false The session id does appear in the sessions table in the database, but not in the page address. Remember, if tempted to use this. 1. It doesn't work with shared SSL! 2. It doesn't work on Windows servers (because Ultimate SEO URL's doesn't work on Windows servers) 3. Apache servers must have Mod Rewrite enabled 4. You must, of course, install Ultimate SEO URL's, with the minor code alteration Vger hello Vger, i have change osCsid but there is problem is that the PHPSESSSID is appear on url.so if you have idea about it please send me early.thanks. Link to comment Share on other sites More sharing options...
Guest Posted July 12, 2008 Share Posted July 12, 2008 great stuff Vger, RIP session ids Link to comment Share on other sites More sharing options...
Guest Posted July 15, 2008 Share Posted July 15, 2008 Hi Vger, I noticed sometimes conditions.php is still showing a sesion id conditions.php?osCsid=c8scnaatceka50og6qvvu0aic3 Link to comment Share on other sites More sharing options...
♥toyicebear Posted July 16, 2008 Share Posted July 16, 2008 This is from the author: Sorry - I made a mistake. I thought this mod just removed the session id from the address bar - but what it is actually doing is removing it completely and so forcing cookie use via another method. Back to the drawing board! Vger So its a far better solution to just go into your shop admin and under configuration >> sessions simply set force cookies to true Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
homewetbar Posted March 23, 2009 Share Posted March 23, 2009 How to remove session ID appended URLs from the search engine index Although clever this does not work with SEO URLs, it just creates a standard link creating duplicates in google's catalog... Most Valuable OsCommerce Contributions: Also Purchased (AP) Preselection (cuts this resource hogging query down to nothing) -- Contribution 3294 FedEx Automated Labels -- Contribution 2244 RMA Returns system -- Contribution 1136 Sort Products By Dropdown -- Contribution 4312 Ultimate SEO URLs -- Contribution 2823 Credit Class & Gift Voucher -- Contribution 282 Cross-Sell -- Contribution 5347 Link to comment Share on other sites More sharing options...
Imi78 Posted April 18, 2009 Share Posted April 18, 2009 Although clever this does not work with SEO URLs, it just creates a standard link creating duplicates in google's catalog... So what solution should be used with ULTIMATE SEO??? ImI Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.