Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

getting rid of osCsid: Session or cookie?


jacopo

Recommended Posts

as many, i am trying to get rid of osCsid in the URL for SEO porpuse.

 

In the admin>configuration, we can set SESSION_FORCE_COOKIE_USE to true, and this will store the SID in a cokkie, preventing it to show on the URL.

which is good.

 

BUT, if a user doesnt accept cookie, he will be blocked.

 

So now my question is not necesarly stricted to OSC, but general development:

why dont we store the SID on a server side session?

wouldnt this allow everyone to use the application with no problem?

 

Please advice on why osc wants to use cookie instead of session

 

thanks

Expresionario.com | Pura Sub-cultura!

Link to comment
Share on other sites

set force cookies to true.

You wouldnt be able to use shared SSL.

 

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Link to comment
Share on other sites

set force cookies to true.

You wouldnt be able to use shared SSL.

 

exactly. one more reason to support my thesis:

why we use COOKIEs and not SESSION then??

Expresionario.com | Pura Sub-cultura!

Link to comment
Share on other sites

sessions are somethign that are saved on server and cookies on browser.

If some one is not willing to allow cookie setting then we have to use session else loose customer.

 

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Link to comment
Share on other sites

Most users accept first-party cookies, meaning their browsers accept cookies from the website they are visiting.

 

It is a default setting in Internet Explorer not to accept third-party cookies, meaning cookies that a site you are on tries to place on your computer from an ad-tracking company, or some more malicious sort of cookie.

 

Very few people set their browsers never to accept any form of cookie - not even cookies from the websites they are visiting.

 

Therefore "Force Cookie Use" shouldn't cost much business at all (a tiny percentage of one percent). It works with no SSL or with full SSL, but not with shared SSL.

 

The thing to be careful about is that some payment providers need the session id to be passed to track the payment. But this is limited to a few like HSBC Secure ePayments.

 

Vger

Link to comment
Share on other sites

The thing to be careful about is that some payment providers need the session id to be passed to track the payment. But this is limited to a few like HSBC Secure ePayments.

 

thanks Vger!

in fact as you can immagine i found a lot of posts by you abut this argument and i was about to write you... glad you did it first! :)

 

about my problem:

as we have full SSL on our site , cookies work fine for what concerns user session management (registration, shopping cart, checkout).

 

the big issue is about payment with Creditcard: we are using the original Authorize.net gateway (not AIM, but the one in OSC ms2.2 by default).

when we change the "force cookie" setting to true , we were not able to make payments anymore.

do you think it is because a session ID problem, as you say it is for HSBC?

thanks

jacopo

Expresionario.com | Pura Sub-cultura!

Link to comment
Share on other sites

I haven't used the old SIM module, but you'll need t drop it anyway. Authorize Net have said they will discontinue the old Simple Integration Method and will only use the Advanced Integration Method at some time in the future.

 

You may as well change now.

 

Vger

Link to comment
Share on other sites

I haven't used the old SIM module, but you'll need t drop it anyway. Authorize Net have said they will discontinue the old Simple Integration Method and will only use the Advanced Integration Method at some time in the future.

 

You may as well change now.

 

 

I know , i am aware of this.

but this change will for sure take us a while.

 

in the meanwhile, i was hoping to just make SIM work with cookies.

do you think it doesnt work because of the missing SID string? or..?

Expresionario.com | Pura Sub-cultura!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...