Jump to content

Archived

This topic is now archived and is closed to further replies.

spooks

What is the osCsid & why you must not loose it.

Recommended Posts

i have been reading the Thread but, as this is in another language i somtimes find it difficult to understand.. especially "computer talk" :blush:

 

Sorry...

 

Im afraid to anoy you more but, i have to ask just so i make it glass clear:

 

If my URL´s look like http:// mywebsite.com/index.php/barn-c-3?osCsid=4ae2e68238d85d62d43ffda14202bf77 and someone copies that url and paste it on a nother website, the osCsid will also show... is that a bad thing?

 

Please be kind and not angry with me of my stupid questions... :blush: (wish i were english or american)

 

It would be a problem if sessions were not recreated .. Recreate session should always be TRUE. Recreating the session id after a user "change of state" is simple standard practise.

 

Your osCsid should only be visible in the querystring for one click .. after that it should be gone or your includes/configure.php settings are wrong.

Share this post


Link to post
Share on other sites

Thank you Robert :rolleyes:

 

I feel horrible, not understanding what you mean by "in the querystring for one click" ....

 

i have compared my includes/configure.php with the one in this thread and see nothing wrong... but this line:

 

define('ENABLE_SSL', false);

Share this post


Link to post
Share on other sites
Thank you Robert :rolleyes:

 

I feel horrible, not understanding what you mean by "in the querystring for one click" ....

 

i have compared my includes/configure.php with the one in this thread and see nothing wrong... but this line:

 

define('ENABLE_SSL', false);

 

Solan if you close ALL of your browser windows then go to your site.

 

Hover over any link and you will see in the bottom bar that the link has an osCsid appended to it.

 

If you then click that link then once again hover over a link when the page reloads the link should now be free of any osCsid.

Share this post


Link to post
Share on other sites

sorry but then i think i have problem, i dont know if i do it right but i still se the ocsid...

Share this post


Link to post
Share on other sites
sorry but then i think i have problem, i dont know if i do it right but i still se the ocsid...

 

Yes having seen your site you have persistent osCsid so your settings are wrong.

Share this post


Link to post
Share on other sites
Yes having seen your site you have persistent osCsid so your settings are wrong.

 

:( okay Thanks.. but nice to know my problem..

Share this post


Link to post
Share on other sites
If you have set prevent spider sessions to true and updated the spider.txt you don`t need SID killer

 

 

You could still get sid mixup if other sites etc include the sid, so you need to be careful.

 

Set Recreate Session to true to avoid that problem

 

Thanks a lot for the help! I'll make sure those settings are set!

Much appreciated -R

Share this post


Link to post
Share on other sites
It would be a problem if sessions were not recreated .. Recreate session should always be TRUE. Recreating the session id after a user "change of state" is simple standard practise.

 

Your osCsid should only be visible in the querystring for one click .. after that it should be gone or your includes/configure.php settings are wrong.

 

You were totally right my friend :rolleyes: my includes/configure.php settings was wrong...

 

With your great help i could finally load a correct configure.php

 

Thank you a milling times for helping me out with my issue.. *handing you a flower*

 

It feels great having a site again *lol*

Share this post


Link to post
Share on other sites

errm okay guys now back to my prob...I mean back to the SOLUTION I desperately still need help with the following:

What is the correct way to add a link to my page?

Scenario 1: I am using Oscommerce and adding a link within the descrition of a product to another product on the same site what code is suitable?

Scenario 2: If I want to link from a product page to a different site what code is suitable?

Scenario 3: If I am using dreamweaver then does the applicable code remain the same as if designing the page in oscommerce or is it okay to just use the normal 'insert link' function.

 

PLEASE PLEASE HANDSOME..PRETTY PLEASE HELP :rolleyes:

Share this post


Link to post
Share on other sites
Please?

 

If you dot your queries at the end of other unrelated queries randomly throughout a thread your unlikely to gert a reply as your question will be missed.

 

Scenario 1: I am using Oscommerce and adding a link within the descrition of a product to another product on the same site what code is suitable?

 

Use tep_href_link as detailed ealier

 

Scenario 2: If I want to link from a product page to a different site what code is suitable?

 

Any standard link can be used as no need to maintain the session

 

Scenario 3: If I am using dreamweaver then does the applicable code remain the same as if designing the page in oscommerce or is it okay to just use the normal 'insert link' function.

 

No, you must use tep_href_link as detailed ealier


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

hi

 

i am using this code for the link

 

<a href="<?php echo tep_href_link('stuffsell.php', '', 'SSL'); ?>">Sell your Stuff</a>

 

it is working fine on the local system. but when i upload same pages on the live site osCid becomes blank.

 

how to resolve this problem.

 

can anyone have any solution to this.

 

waiting for reply...

 

 

Thanks in advance..

Share this post


Link to post
Share on other sites

tep_href_link only adds the sid to the url if it is required, often thiis only occurs on the first page viewed.

 

Your real test is to log in, then check you don`t get logged out un-expectedly


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites
errm okay guys now back to my prob...I mean back to the SOLUTION I desperately still need help with the following:

What is the correct way to add a link to my page?

Scenario 1: I am using Oscommerce and adding a link within the descrition of a product to another product on the same site what code is suitable?

Scenario 2: If I want to link from a product page to a different site what code is suitable?

Scenario 3: If I am using dreamweaver then does the applicable code remain the same as if designing the page in oscommerce or is it okay to just use the normal 'insert link' function.

 

PLEASE PLEASE HANDSOME..PRETTY PLEASE HELP :rolleyes:

 

 

Hi Amirage, I can't help with everything but this might be of some use (if it's not too late).

 

Scenario 1 - if you're adding a link to another product on the same site, you'll want to use the tep_href_link function in conjunction with the product_id of the item you want to link to. So, it'd be something like:

<a href="'.tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=PRODUCTIDHERE'">

 

Now, that's not a very elegant way of doing it and I'm sure someone else out there will be able to do it much better, but it might put you on the right track. Using the tep_href_function will help ensure you don't lose your osCsid.

 

Scenario 2 - If you want to link to a different site, just write a link as normal, for example, <a href="http://www.bbc.co.uk">Linky</a>.

 

Scenario 3 - I've no idea about dreamweaver tbh. I wouldn't feel confident using dreamweaver with oscommerce personally, but that's just because I like the TextPad & tea approach to coding. :)

Share this post


Link to post
Share on other sites

HOW TO HIDE THE SID

Before making any changes BACKUP

First. its important you ensure that robots do not have sessions, so in admin -> sessions

 

set Prevent Spider Sessions to true and update spiders.txt http://addons.oscommerce.com/info/2455

 

Second. in case you have any links that have a session attached, in admin -> sessions

 

set Recreate Session to true.

 

Third. check your configure.php settings:

 

define('HTTP_SERVER', 'http://www.mystore.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://mystore.com'); // eg, https://localhost - should not be empty for productive servers

define('HTTP_COOKIE_DOMAIN', 'www.mystore.com');

define('HTTPS_COOKIE_DOMAIN', 'mystore.com');

define('HTTP_COOKIE_PATH', '/'); or define('HTTP_COOKIE_PATH', '/catalog/'); if store is in the catalog dir.

define('HTTPS_COOKIE_PATH', '/'); or define('HTTPS_COOKIE_PATH', '/catalog/');

 

You should then only see a sid on the first page viewed, you can prevent even that by in admin -> sessions set:

 

Force Cookie Use to true

 

That could cause you problems with customers that have cookies disabled though (including AOL users!)

 

Some SEO contributions have an option to hide the sid, useful if other methods don't work for you.

 

If you are using MS2 (many templates are ms2 based) you may still have an issue, consider upgrading to rc2a

Upgrading osC from 2.2 MS2 to 2.2 RC2a http://addons.oscommerce.com/info/6654

or at the least its advisable to use the includes/functions/sessions.php from the rc2a distribution.

 

If turning on Force Cookie Use in MS2 creates errors you may find using the includes/application_top.php from the rc2a distribution will fix that, though take great care if trying that.

 

Not sure what version osC your using?. This thread in Tips details the method to find your osC version, don't forget in Admin, under tools you have Server Info, that will provide a lot of info about your store & server.


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

When I set force cookies to true, it does not work for me, not in Firefox or IE.

 

Also, when I set it to false, the SID shows on every page. SID Killer is not an ideal module to add because I don't want this security risk on my site at all. Do you know of a way to fix this problem? I do remember reading something about the way PHP is installed and how it could affect something. For now I'm developing on my box, using WAMP server so PHP is a module on Apache. Is this related to the problem?

Share this post


Link to post
Share on other sites

Have u looked at all the options detailed in my last? what version is your store?


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Yes I have, and I have the very latest version, downloaded two weeks ago, but it is version 2.x, not the alpha. RC2 I believe.

Share this post


Link to post
Share on other sites
Yes I have, and I have the very latest version, downloaded two weeks ago, but it is version 2.x, not the alpha. RC2 I believe.

 

version 2.x is meaningless, so you could have 2.2ms2!! So update to 2.2rc2a!


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

I did mention that I have the RC2 version.. also the latest version since I believe this version has been out for a while now? Two weeks isn't that long ago.

 

Could it be that the way PHP is installed is affecting the functionality of osCommerce?

Share this post


Link to post
Share on other sites

Regenerating the session when linked from an external source

 

Matt has created I nice post here with a mod for regenerating the session and preventing shared sessions from shared links


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Thanks for the nitty gritty, really useful.

 

I am very new here. Just try to construct a site. But to my horror, this oscSid kept changing after login (in fact, it did not remember who the user is ). the app cannot track my orders or any other things. What I have done wrong here?? I just got the app installed a few days back, and did not make much customization.

Share this post


Link to post
Share on other sites

What version have u installed, is it a template? a link would help to seee issue too.


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Ok it appears that new installation has this problem. and the solution is provided by this discussion

http://forums.oscommerce.com/index.php?sho...&hl=session.

The solution is : Change the Cookie Domains and Cookie Paths to blank in the catalog\includes\configure.php file .

 

vista; Apache/2.2.11 (Win32) PHP/5.3.0; MySQL 5.1.36; osCommerce 2.2-MS2.

Share this post


Link to post
Share on other sites
Ok it appears that new installation has this problem. and the solution is provided by this discussion

http://forums.oscommerce.com/index.php?sho...&hl=session.

The solution is : Change the Cookie Domains and Cookie Paths to blank in the catalog\includes\configure.php file .

 

vista; Apache/2.2.11 (Win32) PHP/5.3.0; MySQL 5.1.36; osCommerce 2.2-MS2.

 

 

A new install of latest versions does not have this issue, as it is correctly coded, if you use cookies then yes u must set the configure files correctly, but most don't use cookies for good reason.

 

Cookies is just one small part of this issue, most problems occur with faultly links or incorrect use of forms.

 

PS why are u using a old version of osc, or have u installed a duff template & assumed faults with that apply to all!! :rolleyes:


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

×