jacopo Posted July 26, 2007 Share Posted July 26, 2007 as many, i am trying to get rid of osCsid in the URL for SEO porpuse. In the admin>configuration, we can set SESSION_FORCE_COOKIE_USE to true, and this will store the SID in a cokkie, preventing it to show on the URL. which is good. BUT, if a user doesnt accept cookie, he will be blocked. So now my question is not necesarly stricted to OSC, but general development: why dont we store the SID on a server side session? wouldnt this allow everyone to use the application with no problem? Please advice on why osc wants to use cookie instead of session thanks Expresionario.com | Pura Sub-cultura! Link to comment Share on other sites More sharing options...
satish Posted July 26, 2007 Share Posted July 26, 2007 set force cookies to true. You wouldnt be able to use shared SSL. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does. Link to comment Share on other sites More sharing options...
jacopo Posted July 26, 2007 Author Share Posted July 26, 2007 set force cookies to true.You wouldnt be able to use shared SSL. exactly. one more reason to support my thesis: why we use COOKIEs and not SESSION then?? Expresionario.com | Pura Sub-cultura! Link to comment Share on other sites More sharing options...
satish Posted July 27, 2007 Share Posted July 27, 2007 sessions are somethign that are saved on server and cookies on browser. If some one is not willing to allow cookie setting then we have to use session else loose customer. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does. Link to comment Share on other sites More sharing options...
♥Vger Posted July 27, 2007 Share Posted July 27, 2007 Most users accept first-party cookies, meaning their browsers accept cookies from the website they are visiting. It is a default setting in Internet Explorer not to accept third-party cookies, meaning cookies that a site you are on tries to place on your computer from an ad-tracking company, or some more malicious sort of cookie. Very few people set their browsers never to accept any form of cookie - not even cookies from the websites they are visiting. Therefore "Force Cookie Use" shouldn't cost much business at all (a tiny percentage of one percent). It works with no SSL or with full SSL, but not with shared SSL. The thing to be careful about is that some payment providers need the session id to be passed to track the payment. But this is limited to a few like HSBC Secure ePayments. Vger Link to comment Share on other sites More sharing options...
jacopo Posted July 29, 2007 Author Share Posted July 29, 2007 The thing to be careful about is that some payment providers need the session id to be passed to track the payment. But this is limited to a few like HSBC Secure ePayments. thanks Vger! in fact as you can immagine i found a lot of posts by you abut this argument and i was about to write you... glad you did it first! :) about my problem: as we have full SSL on our site , cookies work fine for what concerns user session management (registration, shopping cart, checkout). the big issue is about payment with Creditcard: we are using the original Authorize.net gateway (not AIM, but the one in OSC ms2.2 by default). when we change the "force cookie" setting to true , we were not able to make payments anymore. do you think it is because a session ID problem, as you say it is for HSBC? thanks jacopo Expresionario.com | Pura Sub-cultura! Link to comment Share on other sites More sharing options...
♥Vger Posted July 30, 2007 Share Posted July 30, 2007 I haven't used the old SIM module, but you'll need t drop it anyway. Authorize Net have said they will discontinue the old Simple Integration Method and will only use the Advanced Integration Method at some time in the future. You may as well change now. Vger Link to comment Share on other sites More sharing options...
jacopo Posted July 31, 2007 Author Share Posted July 31, 2007 I haven't used the old SIM module, but you'll need t drop it anyway. Authorize Net have said they will discontinue the old Simple Integration Method and will only use the Advanced Integration Method at some time in the future. You may as well change now. I know , i am aware of this. but this change will for sure take us a while. in the meanwhile, i was hoping to just make SIM work with cookies. do you think it doesnt work because of the missing SID string? or..? Expresionario.com | Pura Sub-cultura! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.