getting rid of osCsid: Session or cookie?

[jacopo 0]

as many, i am trying to get rid of osCsid in the URL for SEO porpuse.

 

In the admin>configuration, we can set SESSION_FORCE_COOKIE_USE to true, and this will store the SID in a cokkie, preventing it to show on the URL.

which is good.

 

BUT, if a user doesnt accept cookie, he will be blocked.

 

So now my question is not necesarly stricted to OSC, but general development:

why dont we store the SID on a server side session?

wouldnt this allow everyone to use the application with no problem?

 

Please advice on why osc wants to use cookie instead of session

 

thanks

[satish 24]

set force cookies to true.

You wouldnt be able to use shared SSL.

 

Satish

[jacopo 0]

set force cookies to true.

You wouldnt be able to use shared SSL.

 

exactly. one more reason to support my thesis:

why we use COOKIEs and not SESSION then??

[satish 24]

sessions are somethign that are saved on server and cookies on browser.

If some one is not willing to allow cookie setting then we have to use session else loose customer.

 

Satish

[♥Vger 9]

Most users accept first-party cookies, meaning their browsers accept cookies from the website they are visiting.

 

It is a default setting in Internet Explorer not to accept third-party cookies, meaning cookies that a site you are on tries to place on your computer from an ad-tracking company, or some more malicious sort of cookie.

 

Very few people set their browsers never to accept any form of cookie - not even cookies from the websites they are visiting.

 

Therefore "Force Cookie Use" shouldn't cost much business at all (a tiny percentage of one percent). It works with no SSL or with full SSL, but not with shared SSL.

 

The thing to be careful about is that some payment providers need the session id to be passed to track the payment. But this is limited to a few like HSBC Secure ePayments.

 

Vger

[jacopo 0]

The thing to be careful about is that some payment providers need the session id to be passed to track the payment. But this is limited to a few like HSBC Secure ePayments.

 

thanks Vger!

in fact as you can immagine i found a lot of posts by you abut this argument and i was about to write you... glad you did it first! :)

 

about my problem:

as we have full SSL on our site , cookies work fine for what concerns user session management (registration, shopping cart, checkout).

 

the big issue is about payment with Creditcard: we are using the original Authorize.net gateway (not AIM, but the one in OSC ms2.2 by default).

when we change the "force cookie" setting to true , we were not able to make payments anymore.

do you think it is because a session ID problem, as you say it is for HSBC?

thanks

jacopo

[♥Vger 9]

I haven't used the old SIM module, but you'll need t drop it anyway. Authorize Net have said they will discontinue the old Simple Integration Method and will only use the Advanced Integration Method at some time in the future.

 

You may as well change now.

 

Vger

[jacopo 0]

I haven't used the old SIM module, but you'll need t drop it anyway. Authorize Net have said they will discontinue the old Simple Integration Method and will only use the Advanced Integration Method at some time in the future.

 

You may as well change now.

 

 

I know , i am aware of this.

but this change will for sure take us a while.

 

in the meanwhile, i was hoping to just make SIM work with cookies.

do you think it doesnt work because of the missing SID string? or..?