Jump to content

Archived

This topic is now archived and is closed to further replies.

spooks

What is the osCsid & why you must not loose it.

Recommended Posts

I have a few questions, on my site sometimes the urls have a sid and sometimes not, is that the way it should be?

 

Should "force cookie use" be set to true as a rule? mine is set to false.

 

When I try to log in as a customer I have never been logged out unexpectedly or got lost.

 

Aside from trying to log in, is there another way to test?

 

 

Thank you for reading.


~ Don't mistake my kindness for weakness ~

Share this post


Link to post
Share on other sites

sometimes the urls have a sid and sometimes not

Should "force cookie use" be set to true as a rule? mine is set to false.

 

Thats normal, usually you will only see the sid on the first page when you visit the site, thereafter not.

 

You do not need to use force cookie use, that only needed for sites that have done it wrong (as a workaround).

 

To test, clear your cache & visit your site, hover over all the links on the page, you should see an sid in all those links. ps thats not an exaustive test though.


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Thanks Sam.

 

I have another question, according to your posts all links within the site must be like this:

<a href="<?php echo tep_href_link(FILENAME_DEFAULT); ?>">Back Home</a>

 

is that also the case for links to pdf's or html pages? in this case should they be defined in filename.php?


~ Don't mistake my kindness for weakness ~

Share this post


Link to post
Share on other sites

links to pdf's or html pages

is that also the case for links to pdf's or html pages? in this case should they be defined in filename.php?

 

 

If you link to a html page then you will loose the session on that page (its outside the catalog), but as long as thats not an issue (ie the visitor wont be returning to the store) thats fine, adding tep_href_link to a link to such pages would make no difference.

 

Assuming your pdf's open in a new page then again its not an issue.


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

If you link to a html page then you will loose the session on that page (its outside the catalog), but as long as thats not an issue (ie the visitor wont be returning to the store) thats fine, adding tep_href_link to a link to such pages would make no difference.

 

Assuming your pdf's open in a new page then again its not an issue.

 

I've made all of my links with the _blank tag so they open in a new tab, I assume this way the visitor can close that page and doesn't lose his session on the original page.....or is that too simplistic?


~ Don't mistake my kindness for weakness ~

Share this post


Link to post
Share on other sites

I've made all of my links with the _blank tag so they open in a new tab, I assume this way the visitor can close that page and doesn't lose his session on the original page.....or is that too simplistic?

 

 

That should work, not sure it wont confuse visitors that some pages on your site are new pages though.


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Funnily enough I keep getting logged out of this forum today :huh: anyway I digress.

 

That should work, not sure it wont confuse visitors that some pages on your site are new pages though.

 

Ah, interesting point. Personally I prefer it when pages open in new tabs and am annoyed when I need to hit the back key, however, perhaps it's just me, but if this solves the sid issue, it can't be all bad I guess.

 

Thanks for all your help Sam :)


~ Don't mistake my kindness for weakness ~

Share this post


Link to post
Share on other sites

Greetings all,

 

I was just wondering - I have my site, full of information, set up in the root directory of my server.

 

I then have a link from my main pages' menu to /catalog - opening up teh index page of the catalog directory - and then allowing users to browse around in the oscommerce section of my site.

 

However, I have also tried to include links to My Account, Cart Contents and Checkout on every page, regardless of whether that page containing the links is found in the catalog directory. For now, I have done this by setting the links as:

 

e.g.

<a class="accountdetails" href="http://mysite.co.uk/catalog/account.php">My Account</a>

 

Can I just ask whether this would be a problem in terms of the SID issues discussed?

 

I mean, if I change those links to tep_href_link the page has no idea what that refers to - given that there is no general php/oscommerce coding on these pages. So - if my method is problematic, can you please help me figure what I'd need to copy into these other pages' code to mean they correctly link to the catalog pages.

 

I hope that makes sense.

 

Thanks a lot!

Share this post


Link to post
Share on other sites

Greetings all,

 

I was just wondering - I have my site, full of information, set up in the root directory of my server.

 

I then have a link from my main pages' menu to /catalog - opening up teh index page of the catalog directory - and then allowing users to browse around in the oscommerce section of my site.

 

However, I have also tried to include links to My Account, Cart Contents and Checkout on every page, regardless of whether that page containing the links is found in the catalog directory. For now, I have done this by setting the links as:

 

e.g.

<a class="accountdetails" href="http://mysite.co.uk/catalog/account.php">My Account</a>

 

Can I just ask whether this would be a problem in terms of the SID issues discussed?

 

I mean, if I change those links to tep_href_link the page has no idea what that refers to - given that there is no general php/oscommerce coding on these pages. So - if my method is problematic, can you please help me figure what I'd need to copy into these other pages' code to mean they correctly link to the catalog pages.

 

I hope that makes sense.

 

Thanks a lot!

 

No you can't maintain session state with basic html. Html is a comparitively stupid language it does little else but display to screen.

 

You would need to build php pages and have perhaps a cutdown application_top and application_bottom to maintain session state, you would also then be able to use the tep_functions if the cut down files included those functions.

 

If you don't know how to cut down those files you could just include the existing ones although you'll be processing a lot of unnecessary code.

Share this post


Link to post
Share on other sites

No you can't maintain session state with basic html. Html is a comparitively stupid language it does little else but display to screen.

 

You would need to build php pages and have perhaps a cutdown application_top and application_bottom to maintain session state, you would also then be able to use the tep_functions if the cut down files included those functions.

 

If you don't know how to cut down those files you could just include the existing ones although you'll be processing a lot of unnecessary code.

 

Thanks mate, no worries I will have to do that.

 

To be a pain, is there any more clarification you can give me on what needs to be included in the application_top and application_bottom files. iT's a minefield in there - not sure what removing each thing will do.

 

Should I be left with a lot of code - or very little? Any hints at all would be great (I don't expect a full description at all - a nudge in the right direction would be awesome).

Share this post


Link to post
Share on other sites

Thanks mate, no worries I will have to do that.

 

To be a pain, is there any more clarification you can give me on what needs to be included in the application_top and application_bottom files. iT's a minefield in there - not sure what removing each thing will do.

 

Should I be left with a lot of code - or very little? Any hints at all would be great (I don't expect a full description at all - a nudge in the right direction would be awesome).

 

 

If it helps, you can use this at the start of any pages you need to include in the catalog:

 

<?php 
/*
 Header to allow use of catalog files
*/
chdir('/home/mysite/public_html/catalog/'); 
require('includes/application_top.php');
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
?>

 

obviously the page must be renamed a xxx.php file smile.gif


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

If it helps, you can use this at the start of any pages you need to include in the catalog:

 

<?php 
/*
 Header to allow use of catalog files
*/
chdir('/home/mysite/public_html/catalog/'); 
require('includes/application_top.php');
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);
?>

 

obviously the page must be renamed a xxx.php file smile.gif

 

Hey spooks, thanks for that - that seems to be what I am after!

 

Just tried inserting it now into a php file I use for page headers - and it nearly works. The link I changed does indeed preview with a '344hsg332' URL in the status bar on hover, but when I click on it I get the following page:

 

Fatal error: Call to a member function add_current_page() on a non-object in /home/blurre5/public_html/catalog/includes/application_top.php on line 312

 

Also, on the page on which the link appears. I am displayed (above the normal page content):

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/blurre5/public_html/php/head_blog.php:6) in /home/blurre5/public_html/store/includes/functions/sessions.php on line 102

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/blurre5/public_html/php/head_blog.php:6) in /home/blurre5/public_html/store/includes/functions/sessions.php on line 102

 

 

Any ideas for why this may be? Sorry if I'm going a bit off the thread topic here - I almost PM'ed you but thought better of it!

Share this post


Link to post
Share on other sites

Call to a member function add_current_page() on a non-object

Hey spooks, thanks for that - that seems to be what I am after!

 

Just tried inserting it now into a php file I use for page headers - and it nearly works. The link I changed does indeed preview with a '344hsg332' URL in the status bar on hover, but when I click on it I get the following page:

 

Fatal error: Call to a member function add_current_page() on a non-object in /home/blurre5/public_html/catalog/includes/application_top.php on line 312

 

Also, on the page on which the link appears. I am displayed (above the normal page content):

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/blurre5/public_html/php/head_blog.php:6) in /home/blurre5/public_html/store/includes/functions/sessions.php on line 102

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/blurre5/public_html/php/head_blog.php:6) in /home/blurre5/public_html/store/includes/functions/sessions.php on line 102

 

 

Any ideas for why this may be? Sorry if I'm going a bit off the thread topic here - I almost PM'ed you but thought better of it!

 

 

This error is usually related to your browser cache, clearing that would remove, there is a code fix to prevent the issue:

 

application_top.php on line 310 find:

// navigation history
 if (tep_session_is_registered('navigation')) {
if (PHP_VERSION < 4) {
 	$broken_navigation = $navigation;
 	$navigation = new navigationHistory;
 	$navigation->unserialize($broken_navigation);
}
 } else {
tep_session_register('navigation');
$navigation = new navigationHistory;
 }
 $navigation->add_current_page();

 

replace with:

 

 // navigation history
 if (tep_session_is_registered('navigation') && is_object($navigation)) {
if (PHP_VERSION < 4) {
 	$broken_navigation = $navigation;
 	$navigation = new navigationHistory;
 	$navigation->unserialize($broken_navigation);
} elseif ( false === is_object($navigation) ) {
 	$navigation = new navigationHistory;
}
 } else {
tep_session_register('navigation');
$navigation = new navigationHistory;
 }
 $navigation->add_current_page();

 

your headers already sent error means content started too early, if this is on the same page as other, then its the previous error message that caused it. wink.gif

 

 


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Thanks for trying to help again spooks- but unfortunately after clearing my cache, editing application_top, and refreshing, I still have the same messages displayed on the page the link is on.

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/blurre5/public_html/php/head_blog.php:6) in /home/blurre5/public_html/store/includes/functions/sessions.php on line 102

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/blurre5/public_html/php/head_blog.php:6) in /home/blurre5/public_html/store/includes/functions/sessions.php on line 102

 

I should clarify now I originally only tried to edit the Shopping Cart link.

 

Now, this link does now work fine - takes me to the shopping cart page (although with slightly messed up formatting - probably unrelated). However, now the links I have in the store section to My Account and Checkout don't work at all. I get the folowing error message:

Fatal error: Call to a member function set_snapshot() on a non-object in /home/blurre5/public_html/store/account.php on line 16

and

Fatal error: Call to a member function set_snapshot() on a non-object in /home/blurre5/public_html/store/checkout_shipping.php on line 18

 

The lines referred to are both the same:

 

$navigation->set_snapshot();

 

 

I have tried changing the non-store page My Account and Checkout links to the tep_href ones - but that does not seem to change anything.

 

How frustrating! But I appreciate your time and patience. Hope there's an easy solution.

Share this post


Link to post
Share on other sites

I would suspect you have a whitespace issue

 

 

 

You must have nothing before the first <?php on the page and your

 

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

 

line should occur immediatly after the closing ?>

 

 

To keep it simple one issue at a time please, just in-case thier related!! smile.gif

 

 


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Hi again. Thanks for the response again. Tried that solution - and indeed it got rid of the php warnings that appeared on the non-store page.

 

However, store/account.php and store/checkout_shipping.php just will not open - I am still getting the fatal errors listed above. I tried changing application top back to how it was - but that did nothing. I'm rather confused by this!

 

Hopefully this can be cracked soon (I read the link about help vampires - I hope I am not becoming one - I do keep trying to fix the problem myself but to no avail... so I then reset back to before my experimenting and come on here!).

Share this post


Link to post
Share on other sites

Hi again. Thanks for the response again. Tried that solution - and indeed it got rid of the php warnings that appeared on the non-store page.

 

However, store/account.php and store/checkout_shipping.php just will not open - I am still getting the fatal errors listed above. I tried changing application top back to how it was - but that did nothing. I'm rather confused by this!

 

Hopefully this can be cracked soon (I read the link about help vampires - I hope I am not becoming one - I do keep trying to fix the problem myself but to no avail... so I then reset back to before my experimenting and come on here!).

 

 

Normally the last code change I gave fixes that issue too!! Can you check you did mod includes/application_top & not admin/includes/application_top

 

also check you still have, around 130

 

 

// include navigation history class
 require(DIR_WS_CLASSES . 'navigation_history.php');

 

also check account.php and checkout_shipping.php files both still have

 

require('includes/application_top.php');

 

at the start.

 

In any case these errors are un-related to your original issue, so how did they start? did u change other things? If you contiue to have issues, could u start a new thread, as this is not sid related, including a url in the post will be helpful.

 

 

 

 


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Excellent!

 

Thanks spooks - problem solved. I followed your latest instructions to a tee and it all seems to be in order now (although it has messed up some php includes I use later in the page - but I'm sure I'll figure that out myself).

 

Once again, much appreciated. I feel better I have managed to update it all to retaining oSCid too. Peace of mind!

 

Kind Regards,

Josh

Share this post


Link to post
Share on other sites

can u help me in maintaining sessionid in section hyperlinks in side a page?

 

 

Simply follow the tips I gave in the first posts in this thread about creating links with tep_href_link


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Hi Sam

 

I have following case and question:

 

From what I know till now, the session ID is set in the moment somebody enters the page. Is it possible that this depends on the browser? Or, in other words, is it possible that the "persistence" of the session ID starts for some browsers at the moment of entering and for some others after the first click?

 

I'll explain what I'm trying to do: I made the login.php page to open into a shadowbox window. After submit, I lead to a login_success.php page (in same shadowbox). There I have a button that is closing the shadowbox window and reloading the parent page.

 

Everything works fine if I do the login after the first click in the page. I can see that I'm logged in in the login_success.php page and after closing the window and reloading the parent page I'm still logged in

 

The problem starts if I do login as the first click: In this case I am logged in at login_success.php but after reloading the parent page, I'm logged out again. Same thing is with create account ofcourse too. This happens only if my first click on the page is "login"

 

The strange thing is, that I have the problem in firefox and safari but not in opera. I'm testing this all on a local Xampp installation. Thats why my beginning question. It looks to me like if in opera the session ID persist from click 0, in the other browsers it needs at least one click to start to persist. Recreating the session id in admin makes no differce

 

The code I use in login_success.php (and create account_success.php) and behaves as described is following: (the shopping cart related part works perfect)

    
   <div class="pgconfot">
   	<?php
 		if (sizeof($navigation->snapshot) > 0) {
   		$origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']);
   		$navigation->clear_snapshot();
	?>
		<div class="fltlft"><?php echo '<a onClick="parent.location.reload();parent.Shadowbox.close()">' . tep_image_button('button_continue_shopping.gif', IMAGE_BUTTON_CONTINUE_SHOPPING) . '</a>'; ?></div>
		<div><?php echo '<a href="' . $origin_href .  '"target="_parent"' . '">' . tep_image_button('button_checkout.gif', IMAGE_BUTTON_CHECKOUT) . '</a>'; ?></div>
   	<?php
			 } else {	
	?>
		<div><?php echo '<a onClick="parent.location.reload();parent.Shadowbox.close()">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></div>
   	<?php
		}
	?>    
   </div> <!-- end pgconfot -->

 

I don't know if I'm right to suspect the browsers. Is there any way to "force" the session ID to persist before the first click? Or maybe I'm totally wrong in something?

Share this post


Link to post
Share on other sites

I noticed this only after installing USU5 (which should have nothing to do with this issue), but here is the basic breakdown of what ive experienced.

Ive got persistent OscIds showing up on every link, they seem to be generated properly as each user can keep their own session and cart, and they are unique. However i am trying to get rid of these Ids in the URL for SEO purposes and also to make it look cleaner to people viewing the site. After enabling USU5, i got the standard rewrite working but the OsCId is still present in the URL.

 

I found out that setting "Force Cookies" under sessions in admin allows URLs to drop the OscID! I thought my problem was solved.... but here comes the problem...

 

 

With Force Cookies set to True:

Only one user ever shows up under "Who's Online". If a new user/guest visits the site, their IP and information takes over and the other user is gone. This seems like it would lead to conflicts with the two users seperate sessions. When a user tries to login by clicking 'Account' at the top, they get redirected to cookie_usage.php.

 

With Force Cookies set to False

Every guest user on Who's Online shows up with ID 0. Is this normal? Users with an account show up properly with their own IDs. They get a proper ID, and their OsCIds are each unique, so it appears to work fine this way, HOWEVER, the OscIds are back on the end of the URL!

 

 

Any advice is appreciated, i will be monitoring this thread to answer any questions and check configuration options if i have not provided enough info to solve this one.

Share this post


Link to post
Share on other sites

i am trying to get rid of these Ids in the URL for SEO purposes

 

 

 

 

As detailed b4, the robots must never see the sid, you must enable Prevent Spider Sessions and update spiders.txt http://addons.oscommerce.com/info/2455

 

so sid in url is inconsequential to seo


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

×