Ian

[Contribution] Googlebot/Spider session id killer


Ian,

 

Just to let you and everyone else know, there seems to be a little bit of a conflict between the "Auto Login" contribution and this one. Anyone that has both of them installed might incur a little bit of difficulty.


-------------------------------------------------------------------------------------------------------------------------

NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.

If you have a question about any of my posts here, your best bet is to contact me through either Email or PM in my profile, and I'll be happy to help.


Nice one!

Works a treat.

 

But why the bloody hell am I still being redirected back to the homepage instead of the intended page? :onfire:

 

It must be something I have done previously, but I can't see which bit of code affects this function.

 

Anyone... help... :(

 

CC.


Hi,

 

Just tried your actual SID Killer, but I really run into problems with it.

 

I think I installed all your code correctly (tried it several times...). But the problem still exists.

 

The Problem:

After login all seems good. I can click on My Account, everything OK. But after clicking on a category (only an example), I'm logged out again! This seems to happen every time the shop changes the mode from ssl -> no ssl.

I really don't have an idea what to do now....

 

Tnx

 

Alex

Just tried your actual SID Killer, but I really run into problems with it.

 

This seems to happen every time the shop changes the mode from ssl -> no ssl.

 

Can anyone else verify this? I don't have ssl set up on my dev machine. (Need to find a free ssl certificate)


Trust me, I'm an Accountant.


I run SSL and this does not happen to me...

 

Ian, for a free cert you can get one at freessl.com (they specifically give them away for the purpose of development).


The only thing necessary for evil to flourish is for good men to do nothing

- Edmund Burke


Ian;

 

On my site at http://farmex.now.tc/catalog/index.php , here is what I get from http://www.searchengineworld.com/cgi-bin/s.../sim_spider.cgi without SIDKiller installed:

and with it installed (including your latest update in this thread):

The SID in a search engine's results are eliminated as shown above, but then a couple of problems are created (also mentioned earlier in this thread):

 

1) Example- Click on 'My Account' and you are taken to login page (OK), fill form and click on 'Sign In' and you are logged in but returned to the index page (NOT OK), from there you can click again and go to 'My Account'. If not for the problem shown next, this might be a minor irritant that could be lived with.

 

2) Once signed in and returned to the index page as per above, click on a product and you are taken to that product's info page, BUT you are kicked out of being logged in (definitely NOT OK)

 

Another interesting effect that I noticed without the SIDKiller installed that I don't understand is that when I go to the index page with a fresh browser, the browser shows a SID on all of the links but, if I refresh it, all of the SIDs disappear. If I wasn't worried about being penalized by search engines for an automatic instant refresh anytime the site was loaded, I might consider that if it would eliminate the SIDs for the spiders.


... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!


and a P.S.

 

Yes, I am confirming that the being kicked out of login seems to happen when you move from SSL to a NONSSL link.


... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!


Stuart,

 

Just spent 10 minutes on your site. Haven't been able to reproduce the logging out problem :cry:

 

Except when using the addtocart.php contribution. This does not seem to be following osCommerce standards in adding an sid to the link.


Trust me, I'm an Accountant.


No, everything seems fine for me, no kick outs etc.

 

Only problem I have is the redirection thing.

Still found no cure for that yet. :onfire:

 

CC.


Ian;

 

Did you go to index page, click on 'My Account' tab at the upper right without anything in cart and, upon being returned to the index page after logging in, immediately click on one of the individual items that is shown either in featured products or specials? When I do this, I am consistently logged out when I am sent to the product_info page.


... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!


First, my thanks to Ian for all of the time spent in creating this in the first place and then putting up with me as I keep presenting problems that don't seem to be able to be re-created :oops:

 

I just had a flash of brilliance that reminded me that I had made some changes to eliminate the security popup that was appearing when logging in. I'll have to go back to see if I can find where they were made, but it just occurred to me that this may be where the 'kicking' out of login problem is.

 

After I log in with SIDKiller installed and am returned to the index page, I am still in secure mode (i.e. at this address: https://secure14.vosn.net/~farmex/catalog/i...a75f285535f5c2d )

 

This should not be, should it? I suspect that, if I was returned to the non-secure index, that I would still show logged in but would not get booted when I clicked on a non-secure link.

 

Can anyone confirm?


... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!


I followed your instructions, and yes I do keep getting kicked out (muggity sends the men in white coats away)

 

I'm not sure why this happens as the sid is there on the url, and should propagate the session.

 

Have you found the code changes you made which might relate?

 

.


Trust me, I'm an Accountant.


Hi Ian

 

The new one works great. But I have one question. If I disable cookies in my browser everything is fine, but if I try to add a product to the shopping cart I get an error. If I refresh the site..... No product in the basket.......

That's correct for Google and friends, but what happens if a customer has disabled cookies in his browser?

Must I change the buy now button into a form? I find no session id?

And where is the addon to change the buy now? I can't find it.

Maybe the bug is in my shop. If I try to change the site after the page is fully loaded I also get an error. After refresh all is fine.......

I'm not sure that my application top is correct.

 

require(DIR_WS_CLASSES . 'breadcrumb.php');

$breadcrumb = new breadcrumb;
$breadcrumb->add(HEADER_TITLE_TOP, HTTP_SERVER);
$breadcrumb->add(HEADER_TITLE_CATALOG, tep_href_link(FILENAME_DEFAULT));

//================================================================
if ( ($HTTP_GET_VARS['currency']) ) {
  tep_session_register('kill_sid');
  $kill_sid=false;
}
if (basename($_SERVER['HTTP_REFERER']) == 'allprods.php' ) $kill_sid = true;
if ( ( !tep_session_is_registered('customer_id') ) && ( $cart->count_contents()==0 ) && (!tep_session_is_registered('kill_sid') ) ) $kill_sid = true;
if (basename($PHP_SELF) == FILENAME_LOGIN ) $kill_sid = false;
//================================================================

 

Thanks


I dunno... maybe I should call the men in the white coats and have them take me away :shock:

 

Below is my code as it appears in html_output.php with SIDKiller active

////
// The HTML href link wrapper function
  function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {

// BEGIN SIDKiller code
    global $kill_sid, $HTTP_GET_VARS;
// END SIDKiller code

    if (!tep_not_null($page)) {
      die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>');
    }

    if ($connection == 'NONSSL') {
      $link = HTTP_SERVER . DIR_WS_CATALOG;
    } elseif ($connection == 'SSL') {
      if (ENABLE_SSL == true) {
        $link = HTTPS_SERVER . DIR_WS_CATALOG;
      } else {
        $link = HTTP_SERVER . DIR_WS_CATALOG;
      }
    } else {
      die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine connection method on a link!<br><br>Known methods: NONSSL SSL</b><br><br>');
    }

// BEGIN SIDKiller code
    if ($HTTP_GET_VARS['language'] && $kill_sid) {
      if (tep_not_null($parameters)) {
        $parameters = ereg_replace("[&]language=[a-z][a-z]", "", $parameters);
      }
      if (tep_not_null($parameters)) {
        $parameters .= "&language=" . $HTTP_GET_VARS['language'];
      } else {
        $parameters = "language=" . $HTTP_GET_VARS['language'];
      }
    }
// END SIDKiller code

    if (tep_not_null($parameters)) {
      $link .= $page . '?' . $parameters;
      $separator = '&';
    } else {
      $link .= $page;
      $separator = '?';
    }

    if ( (SEARCH_ENGINE_FRIENDLY_URLS == 'true') && ($search_engine_safe == true) ) {
      while (strstr($link, '&&')) $link = str_replace('&&', '&', $link);

      $link = str_replace('?', '/', $link);
      $link = str_replace('&', '/', $link);
      $link = str_replace('=', '/', $link);

      $separator = '?';
    }

//    if (isset($sid)) {
//      $link .= $separator . $sid;
//    }

// BEGIN SIDKiller code - uncomment above if not using SIDKiller code
    if (isset($sid) && ( !$kill_sid ) ) {
      $link .= $separator . $sid;
    }
// END SIDKiller code

    return $link;
  }

If I comment out all of the SIDKiller code in html_output.php as I have done now (for the time being, I haven't touched the SIDKiller code change in application_top.php - it is still active), the kick out of login problem disappears.

 

If you go now to http://farmex.now.tc/catalog/index.php with nothing in your shopping cart, you should find that, if you log in from the login box in column_left, you are logged in and returned to index.php in secure mode. You can then click on an item (I tested one in featured products at the bottom of the index page) and you are taken to the item's product_info page, out of secure mode now, but still logged in.

 

The same happens if you use the login link to go first to the login page, log in (whereupon you are returned to the index page in secure mode) and click on an item - you still move around as described above.

 

The same happens if you click on the 'My Account' tab at the upper right. You are taken to the login page, login, then you are taken to the 'My Account Information' page, click on the item that is in the specials box in column_right and you are taken to that item's product_info page, out of secure mode but still logged in.

 

Please Note: The only change that has been made is that the SIDKiller code in html_output has been commented out. The SIDKiller changes in application_top are still in place.

 

I have made a number of changes, including the enhanced login box (as you see if you log in), some changes offered by Ajeh to squash security warning popups and quite a few others, but the undesirable effect of being kicked out of login when moving from a secure to a non-secure page disappears with the elimination of the above code in html_output. Only problem is - the darn search engine still sees the SIDs :?:


... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!

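An added illustration (not part of any post in this thread and not the contribution's own code) of how the conditions posted above for application_top.php and html_output.php decide whether a link carries the session id, and what that means when the session cookie is held by a different host than the link target. The function names, array keys, the `osCsid` parameter name, `login.php` as the value of FILENAME_LOGIN, and the `*.example` hosts are assumptions made for the example.

```php
<?php
// Added illustration; not the contribution's code. Function names, array
// keys and the *.example hosts are hypothetical/constructed.

// Mirrors the application_top.php conditions posted above, in the same order.
function decide_kill_sid(array $s): bool {
    $kill = false;
    if (!empty($s['currency'])) {            // ?currency= registers kill_sid
        $s['kill_sid_registered'] = true;
        $kill = false;
    }
    if (basename($s['referer']) === 'allprods.php') $kill = true;
    if (!$s['logged_in'] && $s['cart_count'] === 0 && !$s['kill_sid_registered']) $kill = true;
    if (basename($s['page']) === 'login.php') $kill = false;  // assumed FILENAME_LOGIN
    return $kill;
}

// Mirrors the html_output.php test: the SID is appended only if not killed.
function build_link(string $base, string $page, ?string $sid, bool $kill): string {
    $link = $base . $page;
    if (isset($sid) && !$kill) $link .= '?' . $sid;
    return $link;
}

// Simplified model: the session follows a request if the URL carries the SID,
// or if the target host is the one that holds the (host-only) session cookie.
function session_survives(string $url, ?string $cookieHost): bool {
    $hasSid = strpos((string) parse_url($url, PHP_URL_QUERY), 'osCsid=') !== false;
    return $hasSid || parse_url($url, PHP_URL_HOST) === $cookieHost;
}

$nonssl = 'http://shop.example/catalog/';    // constructed NONSSL base
$sid    = 'osCsid=0123456789abcdef';         // constructed session id
$base   = ['currency' => '', 'referer' => '', 'logged_in' => false,
           'cart_count' => 0, 'kill_sid_registered' => false, 'page' => 'index.php'];

$cases = [   // constructed session states
    'guest, empty cart'        => [],
    'guest on login page'      => ['page' => 'login.php'],
    'guest, 1 item in cart'    => ['cart_count' => 1],
    'logged in, empty cart'    => ['logged_in' => true],
    'logged in, from allprods' => ['logged_in' => true,
                                   'referer' => 'http://shop.example/catalog/allprods.php'],
];

foreach ($cases as $label => $override) {
    $kill = decide_kill_sid(array_merge($base, $override));
    $link = build_link($nonssl, 'product_info.php', $sid, $kill);
    // Session cookie held by a separate SSL host vs. by the shop host itself.
    printf("%-25s kill_sid=%-5s cookie@ssl-host:%-4s cookie@same-host:%-4s %s\n",
        $label, var_export($kill, true),
        session_survives($link, 'secure.example') ? 'kept' : 'lost',
        session_survives($link, 'shop.example') ? 'kept' : 'lost', $link);
}
```

Running it with `php` prints one row per state; rows where `kill_sid` is true and the cookie lives on a different host are the ones where nothing carries the session across the SSL to NONSSL boundary.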

I installed the latest version and found that I can log in once with no problem, but if I log out and attempt to log back in, it won't let me do it - I don't get an error msg about login id or password, I just get returned to default.php without being logged in


Reading is beneficial - Searching is enlightening

find answers at wiki.oscommerce.com/top


Well I have been using the contribution since the day it was released, and I have no problems at all.

Works like a dream.

 

Still got the redirection troubles, but otherwise it's great!

 

CC.


I had more than 250,000 hits from all search engines last month, with under 7,000 listings on Google - and not a sid in sight and no reported log on problems.

 

This compares to October and November last year when I had a similar number of hits from Google in one week that resulted in 70,000 pointless listings all with sids.

 

I reckon I can call this a success. :D


Ian-san

Flawlessnet


It is strange, cos we had google pick our site up sometime ago, and all products were listed.

 

However we had google hit us big time on Saturday, and the crawl lasted until Tuesday this week. However as Thursday is rounding the corner we still do not have any new listings in Google.

 

I am a little unsure as to why at present, normally once google hits us we have listings the next day. As I check the logs google came and went with no SID's. So the SID killer is working, but for some reason we still see no listings...

 

Peculiar. :?

 

CC.


My experience (belief ??) is that Google visits twice - once to capture urls and the next to index them. So it is possible you will get another visit in a day or so to create the listings.


Ian-san

Flawlessnet


Argh that might explain it.

 

Thanks for the input. :wink:

 

CC.


And actually, we find that new listings on Google generally take from 2 - 3 weeks after the google spider before they show up in their index.

 

Also, you can see new listings on http://www2.google.com and http://www3.google.com before you will see them on the regular.


-------------------------------------------------------------------------------------------------------------------------

NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.

If you have a question about any of my posts here, your best bet is to contact me through either Email or PM in my profile, and I'll be happy to help.


Hi, all;

 

I am very sorry to revisit this again, but I can't see where it was ever figured out...

 

I did have some of Ajeh's stuff to prevent security warning boxes from popping up installed, so I took it out to see if that's what was causing my problems. While it may be part of it (getting kicked out from being logged in when moving from SSL -> NONSSL), it's not the only issue.

 

I have added back in the SIDKiller code one chunk at a time and everything in the cart's function seems to be normal until I add (yes, I have commented out the original code, so I don't have duplicate code):

    if (isset($sid) && (!$kill_sid)) {
      $link .= $separator . $sid;
    }

Once I add this in, I can no longer log in if there is nothing in my cart. I get returned to the index page, still as a guest and with a session ID now appended in the browser address bar. If I add an item to my cart (as a guest) and then try to log in, I am allowed to do so and everything appears as it should.

 

Has anyone figured out what it is in this small chunk of code that creates this problem?

 

Thanks for your patience, I really am trying to get this sorted :)


... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!


Here's another bug with this SID killer, similar to what mugitty is experiencing.

 

If you log in, and try to write a review, it will log you out, and return you to the default page.


-------------------------------------------------------------------------------------------------------------------------

NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.

If you have a question about any of my posts here, your best bet is to contact me through either Email or PM in my profile, and I'll be happy to help.


Well just to confirm this is not the case with everyone, again my site is fine when i test this.

 

No problems.

No logging out...

 

Have you guys spoken via PM and seen whether you have both added the same mod or one similar that could be causing this?

 

CC.


I also do not get any of these "logging out" problems


The only thing necessary for evil to flourish is for good men to do nothing

- Edmund Burke
