Jump to content

Archived

This topic is now archived and is closed to further replies.

WoodsWalker

"Force Cookie Use" option

Recommended Posts

Hi everyone!

 

The "Force Cookie Use" option in the admin under "Configuration/Sessions" seemed like a good idea, but after I enabled it, several of my testers reported that when they tried to log in to the catalog or create an account, they were redirected to a page instructing them to enable cookies on their browsers. This happened even though their browsers were already set to accept cookies!

 

I tested the situation myself, using Firefox 2.0 and IE 6.0, both with cookies enabled, and my testers were right! All of us are redirected to /catalog/cookie_usage.php.

 

Glad I tested this before launching my catalog! Anyone have any further info on this, or is "Force Cookie Use" simply useless?

 

Thanks,

~Wendy

Share this post


Link to post
Share on other sites

It sounds like you have a shared SSL certificate. If you want to force cookie use, then you need a dedicated certificate.

Share this post


Link to post
Share on other sites
It sounds like you have a shared SSL certificate. If you want to force cookie use, then you need a dedicated certificate.

 

Nope, I have dedicated SSL, so it can't be that.

Share this post


Link to post
Share on other sites

check your config settings closely, for a root site they should be like.

 

define('HTTP_SERVER', 'http://www.mystore.com');

define('HTTPS_SERVER', 'https://mystore.com');

define('HTTP_COOKIE_DOMAIN', 'www.mystore.com');

define('HTTPS_COOKIE_DOMAIN', 'mystore.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

 

Remember BACKUP FIRST


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites
check your config settings closely [etc etc]

 

Remember BACKUP FIRST

 

Hi Sam!

 

OK, I tried that (well, as close as I thought I could get, since my SSL is for address "www.myaddress.com"), and tested it but the problem still reappears as soon as I set "Force Cookie Use" to "true". Here's what I have...

 

define('HTTP_SERVER','http://www.myaddress.com');
 define('HTTPS_SERVER', 'https://www.myaddress.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'www.myaddress.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.myaddress.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

See any boo-boos?

 

~Wendy

Share this post


Link to post
Share on other sites
Hi Sam!

 

OK, I tried that (well, as close as I thought I could get, since my SSL is for address "www.myaddress.com"), and tested it but the problem still reappears as soon as I set "Force Cookie Use" to "true". Here's what I have...

 

define('HTTP_SERVER','http://www.myaddress.com');
 define('HTTPS_SERVER', 'https://www.myaddress.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'www.myaddress.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.myaddress.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

See any boo-boos?

 

Yes, I mentioned what I sent was for a 'root' site, but you seem to have a 'catalog' site.

 

try these:

 

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

 

and maybe

 

define('HTTPS_COOKIE_DOMAIN', 'myaddress.com');

~Wendy


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites
try these:

 

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

This is what they were originally, before I made the suggested change, so I know that won't solve it.

 

 

and maybe

 

define('HTTPS_COOKIE_DOMAIN', 'myaddress.com');

Will this be OK, even though the SSL is for www.myaddress.com?

 

~Wendy

Share this post


Link to post
Share on other sites

Changing both cookie domains as follows solved the problem:

 

  define('HTTP_COOKIE_DOMAIN', 'myaddress.com');
 define('HTTPS_COOKIE_DOMAIN', 'myaddress.com');

 

I read in another thread that the two cookie domains must match for "Force Cookie Use" to work.

 

Thanks for your help!

 

Now that it's working I'm wondering if I really want to use it... natch.

 

~Wendy

Share this post


Link to post
Share on other sites

×