
osCommerce

The e-commerce.

What is the osCsid & why you must not lose it.


spooks


 

PS there is another method if you care to look.

 

Regarding keeping the osCsid, I am using Featured Products that basically fit what I wanted to do, i.e. put featured items out there on the index page. It's a good add on.

 

However, to address what I was trying to do initially I found this contribution Embed Links with SID in Description but I haven't tried it yet. Probably will check it out sometime along the way when the need arises.

 

SK

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.

Link to comment
Share on other sites

  • 2 weeks later...

Hi,

 

Thank you for this excellent thread, it is very informative and very helpful though I'm still far from understanding it fully.

 

I'd appreciate your comment on a few questions (apologies if it's long/tedious/inaccurate), hopefully it doesn't deviate too much from the thread:-

 

FORCE_COOKIES_USE=true;/Client Browser accepts cookies: I normally find the osCsid appears in the URL after the first click only, it doesn't appear thereafter. As it's not needed in the URL when the client accepts cookies, is it not possible to stop it showing at all?

 

Client Browser doesn't accept cookies: The osCsid must always appear in the URL. After reading this thread I was a bit concerned because several pages (mainly information) use 'javascript:history.go(-1)' for the Back Button and I thought they may lose the osCsid. Testing suggests that it is not a problem (I believe the pages are retrieved from the browser cache). However there seems to be a problem if this, or more likely, the browser page Back Button, is used to go back to the landing page, it seems to generate a new osCsid. Is this an issue? Can anything be done about it?

 

SESSION_BLOCK_SPIDERS == 'True': In my application_top, this test is not performed when SESSION_FORCE_COOKIE_USE == 'True'. I seem to remember reading in a different thread that some spiders do now create sessions/accept cookies. Is this true and does the test need to be re-arranged (presumably blocking spider sessions should always be done as opposed to it being an option?)? I figure if the session is started anyway and the spider_flag is registered and set to 'false', it can subsequently be tested and used to set session_started to false instead of going through the spider list again - is there much benefit in this?

 

Thanks for your help

Link to comment
Share on other sites

I have a question on linking using the banner manager and whether or not I need to do anything to prevent losing session ids.

 

The banner manager asks for a path and if I put /shipping.php it works however, will this negatively impact session ids?

 

What about linking to products? I have used a seo url contribution so I'm wondering if I can put /blue-widget-sample-p-189.html in the banner manager. If not can you please help me so I can put what is proper so I don't lose session ids? Thanks.

Contributions installed: Purchase without Account / STS/ All Products/ Header Tags Controller

Link to comment
Share on other sites

  • 1 month later...

Hello, everyone.

 

I am familiar that application_top.php is the one responsible for keeping the sid intact. However, does the same apply for modal windows? E.g., I have a modal window that shows up when I choose a certain payment option in checkout_payment.php. It works fine with application_top.php, but encounters the 2006 - mysql has gone away error. I may be able to get away with this error if I don't require application_top.php. I figured that the sid is kept since checkout_payment.php generates a child window (e.g. payme.php).

Link to comment
Share on other sites

  • 2 months later...

Great topic information here...it has helped me tremendously. The last hurdle I have is this:

 

I am trying to include a link to another page inside my product description. So in the admin site for the product I originally included a manual <a href="...> for the link to the page but it was causing me to lose my session id. So I tried to do (as this post originally suggested)

 

<a href="<?php echo tep_href_link('FILENAME_ORDERNOTES'); ?>">click here</a>

for the link. However, when osCommerce renders the product info page, it is translating the link as this:

 

http://mysitename.com/catalog/%3C?php echo tep_href_link('FILENAME_ORDERNOTES'); ?>

 

Does anyone know how to force the page to not change the < to a %3C and hopefully execute the php code?

 

Thanks!

Link to comment
Share on other sites

In order for it to execute the PHP code you'd have to do an eval() on the description, and that's not something you really want to do.

 

You need to find a safer way.

 

I'd put the <a href back in it but have it open in a new window and link to a page that goes nowhere else (contains no other links) so they have to close it.

 

Just a thought.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

In order for it to execute the PHP code you'd have to do an eval() on the description, and that's not something you really want to do.

 

You need to find a safer way.

 

I'd put the <a href back in it but have it open in a new window and link to a page that goes nowhere else (contains no other links) so they have to close it.

 

Just a thought.

 

There is a much better way in my opinion.

 

I had a quick bash at writing the code ( so probably a bit "raw" ).

 

The way it ( should ) work.

 

In the products description ( or any DB text ) place code as follows: -

 

[-LINK-]FILENAME_DEFAULT[-ANCHOR-]My Test default[-ENDANCHOR-][-PARAMS-][-ENDPARAMS-][-ENDLINK-]

 

The above will link to index.php

 

[-LINK-]FILENAME_DEFAULT[-ANCHOR-]My Test category[-ENDANCHOR-][-PARAMS-]cPath=4[-ENDPARAMS-][-ENDLINK-]

 

The above will link to category cPath=4

 

It requires: -

1) A real and valid filename constant ( e.g. FILENAME_PRODUCT_INFO )

2) Optional params ( e.g. products_id=4 or cPath=37 etc. )

3) Must have link text

 

This system uses the correct tep_href_link() wrapper so no problems with sessions etc.

 

Instructions to test: -

 

1) Add the below class to catalog/includes/classes/ named as fwrmedia_links.php

 

2) catalog/product_info.php

 

Find ..

 

require('includes/application_top.php');

 

Add immediately below: -

 

require_once DIR_WS_CLASSES . 'fwrmedia_links.php';

 

Find .. ( where the description is output ) probably ..

?>
         <p><?php echo stripslashes($product_info['products_description']); ?></p>
<?php

 

Add immediately above it ..

 

  $fwrmedia_link = RealiseProductDescriptionLinks::i();
 $fwrmedia_link->realise( $product_info['products_description'] );

 

The class ( PHP5 only ): -

 

<?php
 /**
 * FWR Media
 * Class to parse links in products descriptions.
 */
 class RealiseProductDescriptionLinks {

   private static $_singleton;
   // The hyphen sits at the end of the anchor character class so it is a literal
   // ( "_-\s" is rejected as an invalid range by newer PCRE versions ).
   // The params group is non-greedy so two links on one line are matched separately.
   private $search = '@\[-LINK-\]([A-Z_]+)\[-ANCHOR-\]([a-zA-Z0-9_\s-]+)\[-ENDANCHOR-\]\[-PARAMS-\](.*?)\[-ENDPARAMS-\]\[-ENDLINK-\]@';
   private $html_target;
   private $matches;

   private function __construct() {
   }

   // Singleton accessor
   public static function i() {
     if ( !self::$_singleton instanceof RealiseProductDescriptionLinks ) {
       self::$_singleton = new self;
     }
     return self::$_singleton;
   }

   // Replaces every [-LINK-] ... [-ENDLINK-] placeholder in the description ( passed by reference )
   public function realise( &$products_description ) {
     $this->html_target = $products_description;
     // preg_match_all() always fills all four groups, so test the number of matches
     // it returns ( 0 or false means nothing to do ) rather than count( $matches )
     if ( !preg_match_all( $this->search, $this->html_target, $matches ) ) {
       return;
     }
     $this->buildAndReplaceLink( $matches );
     $products_description = $this->html_target;
   }

   protected function buildAndReplaceLink( $matches ) {
     $working_array = array();
     foreach ( $matches[0] as $index => $find ) {
       $working_array[] = array( 'find' => $find,
                                 'replace' => $this->buildHref( $matches[1][$index], $matches[2][$index], $matches[3][$index] ) );

     }
     foreach ( $working_array as $index => $find_replace ) {
       $this->html_target = str_replace( $find_replace['find'], $find_replace['replace'], $this->html_target );
     }
   }

   // Only a defined FILENAME_ constant yields a link; an unknown name is replaced with an empty string
   protected function buildHref( $filename, $linktext, $params ) {
     if ( false === defined( $filename ) ) {
       return '';
     }
     return '<a href="' . tep_href_link( constant( $filename ), $params ) . '" title="' . tep_output_string_protected( $linktext ) . '">' . tep_output_string_protected( $linktext ) . '</a>';
   }

 } // end class

Link to comment
Share on other sites

Oh forgot to mention .. the above should work for multiple links not just one.

Link to comment
Share on other sites

Ok, I'm a little confused and need some guidance.

 

Shop specs:

Upgraded my osC from 2.2 MS2 to 2.2 RC2a with - http://addons.oscommerce.com/info/6654 and all updates available.

Force Cookie Use = False

Check SSL Session ID = False

Check User Agent = False

Check IP Address = False

Prevent Spider Sessions = True

Recreate Session = True

Use Cache = True

 

PHP 5.2.13

MySQL 5.1.47

Apache 2.2.15

Linux 2.6.28

 

If you are to lose your osCsid session when browsing the site, then you would get logged out?

 

Here's my reason for posting:

 

I had created HTML links from one product description page to another product, such as:

<p>* Matching spray can - <a href="http://handeshobbies.com/product_info.php?cPath=22_27_43&products_id=235">1249</a><br>

 

From what I have read through this thread and a few others, I should be using something like this:

<link rel="canonical" href="<?php echo tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=235' . (int)$_GET['products_id'],NONSSL,false); ?>" />

 

Or this contribution:

Embed Link with SID in Description http://www.oscommerc...y/contributions,2905

 

Or what Robert posted above???

 

If my original HTML link is wrong, why then do I stay logged in when I follow many of my links?

 

I just want to make sure that I need to change all my links before I start, there's a couple of hundred.

 

If I do need to change them, which would be the best and/or easiest method?

- :: Jim :: -

- My Toolbox ~ Adobe Web Bundle, XAMPP & WinMerge | Install ~ osC v2.3.3.4 -

Link to comment
Share on other sites

 

If I do need to change them, which would be the best and/or easiest method?

 

Forget that "embed SID" stuff it is dangerous rubbish .. all you need is ..

 

Products Link

<a href="<?php echo tep_href_link( FILENAME_PRODUCT_INFO, 'products_id=1234' ) ?>">1234</a>

Categories Link

<a href="<?php echo tep_href_link( FILENAME_DEFAULT, 'cPath=1234' ) ?>">1234</a>

 

Obviously all the 1234s need to be replaced with proper values.

Link to comment
Share on other sites

Forget that "embed SID" stuff it is dangerous rubbish .. all you need is ..

 

Products Link

<a href="<?php echo tep_href_link( FILENAME_PRODUCT_INFO, 'products_id=1234' ) ?>">1234</a>

Categories Link

<a href="<?php echo tep_href_link( FILENAME_DEFAULT, 'cPath=1234' ) ?>">1234</a>

 

Obviously all the 1234s need to be replaced with proper values.

 

Thank you again Robert for coming to my rescue.

 

I was hoping there was an easy way.

 

Now I know what I'll be doing for the next few days.

 

Any idea why my HTML links seem to keep the session?


Link to comment
Share on other sites

Hello, I have pretty little header menu built in my pages:

 

body {
background-image: url(images/cart_bg.jpg);
background-repeat: no-repeat;
}
-->
</style></head>
<body leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0" marginwidth="0" marginheight="0" onLoad="MM_preloadImages('images/label_A2.gif','images/label_B2.gif','images/label_C2.gif','images/label_D2.gif','images/label_E2.gif','images/label_F2.gif')">
<table width="1040" border="0" cellspacing="0" cellpadding="0">
 <tr>
   <td width="500" align="left"><a href="index.php" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('mywebsite','','images/mywebsite_logo.gif',1)"><img src="images/pixel_trans.gif" alt="mywebsite" name="mywebsite" width="500" height="83" border="0"></a></td>
   <td width="540" align="left" valign="top"><img src="images/pixel_trans.gif" alt="" width="58" height="32"><a href="http://www.mywebsite.com/catalog/login.php" target="_self"><img src="images/pixel_trans.gif" alt="" width="105" height="32" border="0"></a><a href="http://www.mywebsite.com/about.php" target="_self"><img src="images/pixel_trans.gif" alt="" width="80" height="32" border="0"></a><a href="http://www.mywebsite.com/contact.php" target="_self"><img src="images/pixel_trans.gif" alt="" width="80" height="32" border="0"></a></td>
 </tr>
 <tr>
   <td colspan="2" align="left"><img src="images/pixel_trans.gif" alt="" width="158" height="22" border="0"><a href="http://www.mywebsite.com/catalog/index.php?cPath=1" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('label_A','','images/label_A2.gif',1)"><img src="images/label_A1.gif" alt="label_A" name="label_A" width="71" height="22" border="0"></a><a href="http://www.mywebsite.com/catalog/index.php?cPath=2" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('label_B','','images/label_B2.gif',1)"><img src="images/divider.gif" alt="" width="10" height="22" border="0"><img src="images/label_B1.gif" alt="label_B" name="label_B" width="97" height="22" border="0"><img src="images/divider.gif" alt="" width="10" height="22" border="0"></a><a href="http://www.mywebsite.com/catalog/index.php?cPath=3" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('label_C','','images/label_C2.gif',1)"><img src="images/label_C1.gif" alt="label_C" name="label_C" width="81" height="22" border="0"><img src="images/divider.gif" alt="" width="10" height="22" border="0"></a><a href="http://www.mywebsite.com/catalog/index.php?cPath=21" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('label_D','','images/label_D2.gif',1)"><img src="images/label_D.gif" alt="label_D" name="label_D" width="186" height="22" border="0"></a><img src="images/divider.gif" alt="" width="10" height="22" border="0"><a href="http://www.mywebsite.com/catalog/index.php?cPath=22" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('label_E','','images/label_E2.gif',1)"><img src="images/label_E.gif" alt="label_E" name="label_E" width="121" height="22" border="0"><img src="images/divider.gif" alt="" width="10" height="22" border="0"></a><a href="http://www.mywebsite.com/catalog/index.php?cPath=23" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('label_F','','images/label_F2.gif',1)"><img src="images/label_F1.gif" alt="label_F" name="label_F" width="63" height="22" 
border="0"></a></td>

 

I am getting a little confused when changing the links over for these rollovers. I am losing my osCsid whenever any of these links are clicked on, and the session drops. I thought just changing the images to DIR_WS_IMAGES.'imagename.gif' would resolve the problem. Any tips?

 

Also, do I need to change out the links within my stylesheets such as the background image, (images/cart_bg)?

Link to comment
Share on other sites

Here is an example for you.

 

<a href="<?php echo tep_href_link( FILENAME_DEFAULT, 'cPath=1' ) ?>" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('label_A','','images/label_A2.gif',1)">
 <?php echo tep_image( DIR_WS_IMAGES . 'label_A1.gif', 'label_A', '71', '22', 'name="label_A"' ) ?>
</a>

Link to comment
Share on other sites

Thanks so much for your help. This is working well.

 

The only thing I'm stuck with is the cPath for say, my login.php and contact_us.php pages, where I have top links on my header. I enter login.php instead of a cpath and the address begins the url with http://www.mywebsite.com/catalog/index.php?, so it comes up as this: http://www.mywebsite.com/catalog/index.php?login.php?sid465278etc. ????

Link to comment
Share on other sites

There is a much better way in my opinion.

 

I had a quick bash at writing the code ( so probably a bit "raw" ).

 

The way it ( should ) work.

 

In the products description ( or any DB text ) place code as follows: -

 

[-LINK-]FILENAME_DEFAULT[-ANCHOR-]My Test default[-ENDANCHOR-][-PARAMS-][-ENDPARAMS-][-ENDLINK-]

...

 

 

Thanks for the contribution. I am not a PHP expert but I tried to do what you said and it did not work. It is displaying the link as:

 

[-LINK-]FILENAME_ORDERINGNOTES[-ANCHOR-]click here[-ENDANCHOR-][-PARAMS-][-ENDPARAMS-][-ENDLINK-]

 

Not sure what the problem is. I think that I may just open a new window like suggested earlier. This would have been great though!

Link to comment
Share on other sites

Another way you can lose sid is through the use of links to anchors on a page...

 

The answer is either to not use anchors, or to test for the sid & not use anchors if it exists.

 

 

 

I will need to use anchors on my site for things like a FAQ page. Is there any way to get round this problem? What do other people do for these types of pages where there may be a lot of content so anchors are important?

Link to comment
Share on other sites

Relative link help

 

Or simplified using no parameters the link code becomes something like:

 

<?php
 echo '<a href="' . tep_href_link(basename($PHP_SELF),'#jump') . '">Jump</a>';
?>

 

And the target anchor looks like:

 

<a name="jump">Jump</a>

 

I have this code in a test page I use and it works and I don't lose the osCsid.

:)


Link to comment
Share on other sites

Relative link help

 

Or simplified using no parameters the link code becomes something like:

 

<?php
 echo '<a href="' . tep_href_link(basename($PHP_SELF),'#jump') . '">Jump</a>';
?>

 

And the target anchor looks like:

 

<a name="jump">Jump</a>

 

I have this code in a test page I use and it works and I don't lose the osCsid.

:)

 

Thanks very much for your help germ. I'm not quite sure I understand 100% how I would write the link. E.G if I had a page called FAQ, www.mysite.com/store/FAQ and then in that page I wanted a link to a paragraph called 'How to order', then would I put

 

echo '<a href="' . tep_href_link(basename($PHP_SELF),'#howtoorder') . '">How to order</a>';

 

and <a name="howtoorder">How to order</a> ?

 

I don't really understand the PHP_SELF bit - do I need to change this and 'basename' to something? Bit of a newb when it comes to PHP code...:)

Link to comment
Share on other sites

echo '<a href="' . tep_href_link(basename($PHP_SELF),'#howtoorder') . '">How to order</a>';

 

and

 

<a name="howtoorder">How to order</a>

 

Should work.

 

basename($PHP_SELF) returns the name of the current PHP file (theoretically) so it should work regardless of the file you put the code in.


Link to comment
Share on other sites

echo '<a href="' . tep_href_link(basename($PHP_SELF),'#howtoorder') . '">How to order</a>';

 

and

 

<a name="howtoorder">How to order</a>

 

Should work.

 

basename($PHP_SELF) returns the name of the current PHP file (theoretically) so it should work regardless of the file you put the code in.

 

Thanks very much for the information and your help germ :)

Link to comment
Share on other sites

I have a problem with retaining the SID when URL rewriting for virtual subdomains via htaccess.

 

Basically, I have tested it by logging in as user to the site, then accessing a virtual subdomain like 'testing.mysite.com'. Upon access, my SID is apparently changed and I am not logged in anymore.

 

I have this on my .htaccess:

 

RewriteEngine On
RewriteCond %{HTTP_HOST} ^([^\.]+)\.mysite\.com$ [NC]
RewriteCond %1 !^(www|ftp|mail)$ [NC]
RewriteRule ^(.*)$ index.php?sublink=%1

 

Question: How do you keep the sid using the following rewrite rules?

Link to comment
Share on other sites

I have a problem with retaining the SID when URL rewriting for virtual subdomains via htaccess.

 

Basically, I have tested it by logging in as user to the site, then accessing a virtual subdomain like 'testing.mysite.com'. Upon access, my SID is apparently changed and I am not logged in anymore.

 

I have this on my .htaccess:

 

RewriteEngine On
RewriteCond %{HTTP_HOST} ^([^\.]+)\.mysite\.com$ [NC]
RewriteCond %1 !^(www|ftp|mail)$ [NC]
RewriteRule ^(.*)$ index.php?sublink=%1

 

Question: How do you keep the sid using the following rewrite rules?

 

I'm not 100% sure what you are trying to achieve but supposing that I understand the idea.

 

1) Sessions should NEVER be managed by a querystring session id they should ALWAYS be managed by cookies, to not do so opens up the application to session riding and all sorts of other nasties.

 

Having said this cookies are set based on domain and path, change either and you lose the session.

 

You could pass the session across using the querystring but this is a very bad idea.

Link to comment
Share on other sites
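
The cookie-only set-up recommended in the post above, as an added example that is not part of the thread and not osCommerce code. It assumes PHP 7.3+ served over HTTPS; the function names and the '/catalog/' cookie path are illustrative.

```php
<?php
// Added example, not osCommerce code. Assumes PHP 7.3+ served over HTTPS.
// The function names and the '/catalog/' path are illustrative.

/** ini settings that keep the session id out of URLs altogether. */
function cookie_only_session_settings(): array
{
    return [
        'session.use_cookies'      => '1',
        'session.use_only_cookies' => '1', // ignore an id supplied in the URL
        'session.use_trans_sid'    => '0', // never append the id to links
        'session.use_strict_mode'  => '1', // reject ids the server did not issue
    ];
}

/** Start a session whose id only ever travels in a cookie. */
function start_cookie_only_session(string $name = 'osCsid'): void
{
    foreach (cookie_only_session_settings() as $key => $value) {
        ini_set($key, $value);
    }
    session_name($name);
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/catalog/',
        'domain'   => '',      // host-only: returned to the issuing host only
        'secure'   => true,    // assumption: the shop is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

/** Call after a successful login so an id known before login stops working. */
function rotate_session_id(): void
{
    session_regenerate_id(true);
}

/** Remove the session id from a URL before it is stored, mailed or logged. */
function strip_sid_from_url(string $url, string $name = 'osCsid'): string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['query'])) {
        return $url;
    }
    parse_str($parts['query'], $query);
    unset($query[$name]);
    $rebuilt = (isset($parts['scheme']) ? $parts['scheme'] . '://' : '')
             . ($parts['host'] ?? '')
             . (isset($parts['port']) ? ':' . $parts['port'] : '')
             . ($parts['path'] ?? '');
    if ($query) {
        $rebuilt .= '?' . http_build_query($query);
    }
    return $rebuilt . (isset($parts['fragment']) ? '#' . $parts['fragment'] : '');
}

// Constructed sample URLs using the placeholder host from the thread.
if (PHP_SAPI === 'cli') {
    $samples = [
        'http://www.mysite.com/catalog/product_info.php?products_id=235&osCsid=abc123#reviews',
        'http://www.mysite.com/catalog/index.php?osCsid=abc123',
    ];
    foreach ($samples as $url) {
        echo strip_sid_from_url($url), PHP_EOL;
    }
}
```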

I'm not 100% sure what you are trying to achieve but supposing that I understand the idea.

 

1) Sessions should NEVER be managed by a querystring session id they should ALWAYS be managed by cookies, to not do so opens up the application to session riding and all sorts of other nasties.

 

Having said this cookies are set based on domain and path, change either and you lose the session.

 

You could pass the session across using the querystring but this is a very bad idea.

 

So this means, virtual subdomains (subdomains that are basically wildcard DNS entries that are being processed via rewrite rules) are a big no-no for osC? :'( This news is sad.

Link to comment
Share on other sites

So this means, virtual subdomains (subdomains that are basically wildcard DNS entries that are being processed via rewrite rules) are a big no-no for osC? :'( This news is sad.

 

I believe subdomains can be handled by setting the cookie domain to .mysite.com instead of www.mysite.com

Link to comment
Share on other sites
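
How the cookie Domain attribute decides which hosts get the session cookie back, as an added example that is not part of the thread and not osCommerce code. It follows the domain-match rule of RFC 6265 for host names; the hosts are the placeholders used in the thread and the function names are illustrative.

```php
<?php
// Added example, not osCommerce code. Hosts are the thread's placeholders.
// In osCommerce the cookie domain is taken from HTTP_COOKIE_DOMAIN in
// includes/configure.php.

/** RFC 6265 section 5.1.3 domain-match, for host names (not IP addresses). */
function domain_matches(string $host, string $cookieDomain): bool
{
    $host = strtolower($host);
    $cookieDomain = strtolower(ltrim($cookieDomain, '.')); // leading dot is ignored
    if ($host === $cookieDomain) {
        return true;
    }
    $suffix = '.' . $cookieDomain;
    return strlen($host) > strlen($suffix)
        && substr($host, -strlen($suffix)) === $suffix;
}

/**
 * Would a browser send a cookie that $setBy issued with the given Domain
 * attribute on a request to $requestHost? An empty attribute means a
 * host-only cookie.
 */
function cookie_is_sent(string $setBy, string $domainAttr, string $requestHost): bool
{
    if ($domainAttr === '') {
        return strtolower($setBy) === strtolower($requestHost);
    }
    // A host may only set a cookie for a domain that it matches itself.
    if (!domain_matches($setBy, $domainAttr)) {
        return false;
    }
    return domain_matches($requestHost, $domainAttr);
}

/** Build a table: one row per cookie configuration, one column per host. */
function cookie_scope_table(): array
{
    $configs = [
        'host-only'             => '',
        'Domain=www.mysite.com' => 'www.mysite.com',
        'Domain=.mysite.com'    => '.mysite.com',
    ];
    $hosts = ['www.mysite.com', 'apple.mysite.com', 'mysite.com'];
    $table = [];
    foreach ($configs as $label => $domainAttr) {
        foreach ($hosts as $host) {
            $table[$label][$host] = cookie_is_sent('www.mysite.com', $domainAttr, $host);
        }
    }
    return $table;
}

if (PHP_SAPI === 'cli') {
    foreach (cookie_scope_table() as $label => $row) {
        foreach ($row as $host => $sent) {
            printf("%-22s -> %-17s %s\n", $label, $host, $sent ? 'sent' : 'not sent');
        }
    }
    // With Domain=.mysite.com every subdomain receives the session cookie,
    // so every host under that wildcard must be trusted with the session.
}
```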

I believe subdomains can be handled by setting the cookie domain to .mysite.com instead of www.mysite.com

 

This is via configure.php, right?

 

Still, "virtual" subdomains cannot be handled even if the cookie domain is changed to .mysite.com. I've tried it. I visited apple.mysite.com (redirected to homepage) and logged in. My session is kept. However, I cannot login using the regular www.mysite.com. Possibly because of subdomain confusion between apple and www.

 

My project is basically a "Manufacturers URL" (e.g. apple.mysite.com), and I have posted a topic under the General Support forum. Please feel free to comment there if I go out of scope.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
