Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

What is the osCsid & why you must not loose it.


spooks

Recommended Posts

This is via configure.php, right?

 

Still, "virtual" subdomains cannot be handled even if the cookie domain is changed to .mysite.com. I've tried it. I visited apple.mysite.com (redirected to homepage) and logged in. My session is kept. However, I cannot login using the regular www.mysite.com. Possibly because of subdomain confusion between apple and www.

 

My project is basically a "Manufacturers URL" (e.g. apple.mysite.com), and I have posted a topic under the General Support forum. Please feel free to comment there if I go out of scope.

 

Is the cookie being set or do you have a persistent osCsid in the url?

Link to comment
Share on other sites

  • Replies 206
  • Created
  • Last Reply

Hello, FWR Media.

 

I saw this on your USU5 add-on:

 # Change RewriteBase using the instructions above  
 RewriteBase /sbox1

 RewriteRule ^(.*)-p-([0-9]+).html$ product_info.php?products_id=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-c-([0-9_]+).html$ index.php?cPath=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-m-([0-9]+).html$ index.php?partners_id=$2&%{QUERY_STRING}

 

This is basically being used when the url is rewrite mode.

 

My question is: How, in that scenario, do you manage to keep the osCsid?

Link to comment
Share on other sites

Hello, FWR Media.

 

I saw this on your USU5 add-on:

# Change RewriteBase using the instructions above 
RewriteBase /sbox1

RewriteRule ^(.*)-p-([0-9]+).html$ product_info.php?products_id=$2&%{QUERY_STRING}
RewriteRule ^(.*)-c-([0-9_]+).html$ index.php?cPath=$2&%{QUERY_STRING}
RewriteRule ^(.*)-m-([0-9]+).html$ index.php?partners_id=$2&%{QUERY_STRING}

 

This is basically being used when the url is rewrite mode.

 

My question is: How, in that scenario, do you manage to keep the osCsid?

 

Well I wouldn't write it that way these days that was Chemos code, I would just add on the end ( less the {QUERY_STRING}

 

[NC,L,QSA]

 

QSA being Query String Attached.

 

Thing is though, there should be no session querystring.

Link to comment
Share on other sites

  • 2 weeks later...

Hey experts,

 

I have read the whole thread and tried several different settings but my problems still remains:

 

1. At my shop (http://www.survey-templates.com/ -> work in progress) the ...shopping_cart.php/pID/28?osCsid=eekqrmv5pphg0gsgfg768l44iutupu28 part is always shown at the URL, even after having clicked several links it doesn't disappear from the browser URL.

 

2. Whenever I click a link e.g. to a product of my shop, a new Session ID seems to be generated, example:

http://www.survey-templates.com/index.php/cPath/3?osCsid=h4jshbb6nb4e92dd4vm34cge3jfl6fb6

http://www.survey-templates.com/index.php/cPath/3?osCsid=2he4rudfkg57qffgorjnms94kp4qlr1p

http://www.survey-templates.com/index.php/cPath/3?osCsid=nllhddenus1ldfjnb79rhtntp1gonuri

 

3. My shopping cart doesn't work. If I click a link to a product and click the "buy now" or "add to cart" button I receive the message "Your Shopping Cart is empty!"

 

These are my shop details:

OSC: OSC 2.2 RC2a

PHP 5.2.11

MySQL 5

 

Add-Ons loaded in application_top.php:

a) IP Trap

B) FWR Media Security Pro

c) Best Sellers Mod

d) All Products SEO

e) Additional Images

Session Settings in Admin-> Configuration-> Sessions:

Session Directory /html/mazi/ls/shop/catalog/tmp

Force Cookie Use False

Check SSL Session ID False

Check User Agent False

Check IP Address False

Prevent Spider Sessions True

Recreate Session False

admin/includes/configure.php:

  define('HTTP_SERVER', 'http://www.survey-templates.com');
 define('HTTPS_SERVER', 'https://www.survey-templates.com');
 define('HTTP_CATALOG_SERVER', 'http://www.survey-templates.com');
 define('HTTPS_CATALOG_SERVER', 'https://www.survey-templates.com');

 define('ENABLE_SSL', false);
 define('ENABLE_SSL_CATALOG', false);

 define('HTTP_COOKIE_DOMAIN', 'http://www.survey-templates.com');
 define('HTTPS_COOKIE_DOMAIN', 'https://www.survey-templates.com');
 define('DIR_FS_DOCUMENT_ROOT', '/home/htdocs/web27/html/mazi/ls/shop/catalog/');
 define('DIR_WS_ADMIN', '/main/');
 define('DIR_FS_ADMIN', '/home/htdocs/web27/html/mazi/ls/shop/catalog/main/');

 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');

 define('DIR_WS_CATALOG', '/');
 define('DIR_FS_CATALOG', '/home/htdocs/web27/html/mazi/ls/shop/catalog/');


 define('DIR_WS_IMAGES', 'images/');

 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

I'm hope it's just a wrong path setting or something like that. I have been searching for hours and learned a lot but had no luck solving this issue :(

Any help is appreciated!

 

Mazi

Link to comment
Share on other sites

Cookie setting are wrong.

 

For these:

 

define('HTTP_COOKIE_DOMAIN', 'http://www.survey-templates.com');
define('HTTPS_COOKIE_DOMAIN', 'https://www.survey-templates.com');

 

Try this:

 

define('HTTP_COOKIE_DOMAIN', 'www.survey-templates.com');
define('HTTPS_COOKIE_DOMAIN', 'www.survey-templates.com');

 

or this:

 

define('HTTP_COOKIE_DOMAIN', '.survey-templates.com');
define('HTTPS_COOKIE_DOMAIN', '.survey-templates.com');

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

You saved my day, thanks a ton!

 

For all others out there here is my solution:

 

At catalog/includes/configure.php change

define('HTTP_COOKIE_DOMAIN', 'http://www.yourdomain.com');
define('HTTPS_COOKIE_DOMAIN', 'https://www.yourdomain.com');

to:

define('HTTP_COOKIE_DOMAIN', 'www.yourdomain.com');
define('HTTPS_COOKIE_DOMAIN', 'www.yourdomain.com');

 

-> Leave out the http / https part.

 

Thanks once more,

Mazi

Link to comment
Share on other sites

  • 1 month later...

Hi,

 

At head head of this topic it was stated that the use of 'anchors' messes up the osCid ans shouldn't be used.

 

Trying to use -

 

echo tep_draw_form('checkout_payment', tep_href_link(FILENAME_CHECKOUT_SHIPPING, '#anchor', 'SSL'), 'post') . tep_draw_hidden_field('action', 'Options');

 

Causes a problem:

?osCsid=.......#anchor?osCsid=...........

is appended to the url (the first osCid is a regenerated one, the seconed osCid is the original one).

 

 

Playing about for a while I tried the following which seems to work (?) -

 

$goto=tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL') . '#anchor';
echo tep_draw_form('checkout_payment', $goto, 'post') . tep_draw_hidden_field('action', 'Options');

 

?osCsid=.......#anchor

is appended to the url (the correct osCid is added).

 

 

 

Is there a problem or lurking hidden dangers with this that I am not seeing?

 

Thanks

Link to comment
Share on other sites

The correct use of "relative" links won't cause session loss.

 

Looks to me like you are using it correctly.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

  • 1 month later...

Thanks for this post.

 

I am making my links as you recommended in the intial post and I am not losing my SID. I am just curious if there is a way so that the url in the browser doesnt have to show the SID always?

 

I am pretty sure it has to do with my configuration file and cookie directories but I am not sure what to change them to. I am running it only on my computer now using XAMPP. here is my file:

 

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://localhost'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://localhost'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', false); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'http://localhost');
 define('HTTPS_COOKIE_DOMAIN', 'https://localhost');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', 'catalog/');
 define('DIR_WS_HTTP_CATALOG', '/gostwear/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_IMAGES_CAT', 'images/product_mid/');
 define('LARGE_IMAGES', 'images/product_big/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/gostwear/gostwear.com/catalog/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', 'root');
 define('DB_SERVER_PASSWORD', '');
 define('DB_DATABASE', 'gostwear');
 define('USE_PCONNECT', 'false'); // use persistent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

Link to comment
Share on other sites

  • 1 month later...

I made a (mal)functioning menu sprite in lieu of the default category menu with text links. The links for my sprite are not working or I get a 404:File Not Found.

 

I followed spooks advice on HOW TO HIDE THE SID (thread p.4).

 

I tried these link methods:

1) per spooks p.1:

<a href="<?php echo tep_href_link(FILENAME_DEFAULT); ?>">Back Home</a>

2) per Robert p.8:

Products Link

<a href="<?php echo tep_href_link( FILENAME_PRODUCT_INFO, 'products_id=1234' ) ?>">1234</a>

Categories Link

<a href="<?php echo tep_href_link( FILENAME_DEFAULT, 'cPath=1234' ) ?>">1234</a>

How I tried the above methods failed to work (version 2.3.1):

Cat

<a href="<?php echo tep_href_link( FILENAME_DEFAULT, \'cPath=22_32\' )?>">this link placed over the sprite image</a>

Prod

<a href="<?php echo tep_href_link( FILENAME_PRODUCT_INFO, \'products_id=34\' ) ?>">this link placed over the sprite image</a>

 

A "normal" link(mystore.com/catalog/index.php?cPath=22_32) works with the sprite, but of course no osCsid is created.

 

Related?:

p.4: usually you will only see the sid on the first page when you visit the site, thereafter not.

close ALL of your browser windows then go to your site.

p.3: Hover over any link and you will see in the bottom bar that the link has an osCsid appended to it.

If you then click that link then once again hover over a link when the page reloads the link should now be free of any osCsid.

Despite the sprite link not working, ALL other links (any box link, any page) the sid is persistent-- every hover, every page...all the time.

 

my config is set correctly (I think):

define('HTTP_SERVER', 'http://mystore.com');
 define('HTTPS_SERVER', 'https://mystore.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', '.mystore.com');
 define('HTTPS_COOKIE_DOMAIN', '.mystore.com');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Web Developer, Firebug, and Notepad++ are powerful free tools for web design.

Link to comment
Share on other sites

2) per Robert p.8:

Products Link

<a href="<?php echo tep_href_link( FILENAME_PRODUCT_INFO, 'products_id=1234' ) ?>">1234</a>

 

You are escaping characters that should not be escaped ( and in the process creating a PHP parse error ) ..

 

<a href="<?php echo tep_href_link( FILENAME_PRODUCT_INFO, \'products_id=34\' ) ?>">this link placed over the sprite image</a>

 

Should be ..

 

<a href="<?php echo tep_href_link( FILENAME_PRODUCT_INFO, 'products_id=34' ) ?>">this link placed over the sprite image</a>

Link to comment
Share on other sites

You are escaping characters that should not be escaped ( and in the process creating a PHP parse error ) ..

If I don't escape the entire site "breaks." If I put it outside the php tags it works great...sid included, but then it is not placed in the div where I need it.

 

I should elaborate...in order for the sprite to work (or put the links over the graphic in the right spot) I have to have the link within a list:

<li id="navStickers"><a href="<?php echo tep_href_link( FILENAME_DEFAULT, \'cPath=22_32\' )?>"></a></li>

It turns out the links do indeed work in the div I need them (only with "\"), but only WITHOUT the <li>. However, without the <li> the sprite is not functional as the links won't line up where they are supposed to.

Web Developer, Firebug, and Notepad++ are powerful free tools for web design.

Link to comment
Share on other sites

It turns out the links do indeed work in the div I need them (only with "\"), but only WITHOUT the <li>. However, without the <li> the sprite is not functional as the links won't line up where they are supposed to.

Let me rephrase this part: Links don't work in the div with the \ (the site stays functional, but the links lead to 404 errors). Outside the php tags and without the \ they work with a sid included.

 

In summary, the links need to function within the php tags, and within the list.

Web Developer, Firebug, and Notepad++ are powerful free tools for web design.

Link to comment
Share on other sites

Got it! :D After lots of trial and error:

 

'  <div class="ui-widget-content infoBoxContents" style="border-color:transparent" id="sign">' .

'  <li id="navStickers"><a href="'.tep_href_link( FILENAME_DEFAULT, 'cPath=22_2_3_10' ).'"></a></li>'.
'  <li id="navCaps"><a href="'.tep_href_link( FILENAME_DEFAULT, 'cPath=22_2_3_33' ).'"></a></li>'.
'  <li id="navTotes"><a href="'.tep_href_link( FILENAME_DEFAULT, 'cPath=22_2_3_13' ).'"></a></li>'.

 ' </div>' .

The id=sign refers to a png image used for the sprite which is linked in the stylesheet.

 

It works great and really improves the look...away from stock. B)

 

So, in my case, I had to construct a link for A CATEGORY as:

<a href="'.tep_href_link( FILENAME_DEFAULT, 'cPath=22_2_3_10' ).'"></a>

My only issue now is persistent sids on very link and every page.

Web Developer, Firebug, and Notepad++ are powerful free tools for web design.

Link to comment
Share on other sites

  • 2 weeks later...

I hope I post in the correct thread.

Years ago a developer that worked on my shop replaced "osCid" with "myshopID" in my url's....I've been searching my files but can't find where to go to edit this.

Can someone please shed some light?

~ Don't mistake my kindness for weakness ~

Link to comment
Share on other sites

I hope I post in the correct thread.

Years ago a developer that worked on my shop replaced "osCid" with "myshopID" in my url's....I've been searching my files but can't find where to go to edit this.

Can someone please shed some light?

 

includes/application_top.php

 

tep_session_name('osCsid');

 

or in your case ..

 

tep_session_name('myshopID');

Link to comment
Share on other sites

includes/application_top.php

 

tep_session_name('osCsid');

 

or in your case ..

 

tep_session_name('myshopID');

 

 

Robert, so if I wanted to change oscid to let's say secid, which appears in url, then that's all I have to change?

Link to comment
Share on other sites

I am reading conflicting information in this thread.

 

Cookie path should be this:

 

define('HTTP_COOKIE_DOMAIN', 'www.survey-templates.com');
define('HTTPS_COOKIE_DOMAIN', 'www.survey-templates.com');

 

Or should it be this (based on my research this is the correct format:

 

define('HTTP_COOKIE_DOMAIN', '.survey-templates.com');
define('HTTPS_COOKIE_DOMAIN', '.survey-templates.com');

Link to comment
Share on other sites

  • 2 weeks later...

Readers of this topic may also be interested in: -

 

osCsid & why you SHOULD lose it

why forcing cookie usage is the ideal

Link to comment
Share on other sites

  • 6 months later...

Just a quick note. I'm running "Ultimate SEO Urls 5 PRO r205" on my site and I love it. I'm also using anchors on my FAQ page. In FF the anchors work beautifully using the code Germ posted below but for some reason IE was appending the osCsid and causing the anchors to fail no matter how many different pages were being visited. I changed my link code from what Germ posted to the following and it works.

 

THE LINK:

<a href="' . tep_href_link(FILENAME_FAQ) . ('#001') . '"><b>How much does it cost to attend an event?</b></a><br>

 

and then

 

THE ANCHOR:

<A NAME="001"><b>How much does it cost to attend an event? </b></a><br> ADD ANSWER

.

 

The osCsid should not show after a couple of clicks in the site but what if your page with anchors is the first page visited or something is goofy with IE (like always)? I just wanted to share after spending two days cussing and screaming at IE.

 

Luck!

Athena

 

Relative link help

 

Or simplified using no parameters the link code becomes something like:

 

<?php
 echo '<a href="' . tep_href_link(basename($PHP_SELF),'#jump') . '">Jump</a>';
?>

 

And the target anchor looks like:

 

<a name="jump">Jump</a>

 

I have this code in a test page I use and it works and I don't lose the osCsid.

:)

Link to comment
Share on other sites

  • 7 months later...

You need to test your pages properly to ensure there is no chance of lost session due to lost sid.

 

Just because you browse your pages and they seem OK doesn't mean there isn't an issue there that a future customer will find, causing you to loose him!.

 

The way to test your site is change the settings in your browser so it won't accept cookie's, then empty its cache, then visit your site, login and browse as much as possible, all links should contain the sid indefinitely (as it can't be stored in a cookie), if any links are missing the sid you have an issue there.

 

Remember your admin can suffer the same problem and not all contributions set links correctly.

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

  • 5 weeks later...

@@spooks glad to see you're around after all this time. You really are an asset to this forum.

 

I've read through this entire thread but it seems that none of the solutions are working for me. I would prefer not to install sid killer if possible.

 

I've added the 2 lines that were missing from my admin/includes/configure.php:

 

define('DIR_WS_HTTP_CATALOG', '/servername/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/servername/catalog/');

 

Also I tried forcing cookies and I wasn't even able to add something to the cart after that without getting a big error so I switched that back to false.

 

My site is http://www.aussieties.com.au and I've installed the ultimate seo urls contribution but no matter what I do (apart from the forcing cookies) the osCsid remains throughout after clicking around the site or clicking the same link multiple times.

 

I saw you said that the following

 

If you are using MS2 (many templates are ms2 based) you may still have an issue, consider upgrading to rc2a

Upgrading osC from 2.2 MS2 to 2.2 RC2a http://addons.oscommerce.com/info/6654

or at the least its advisable to use the includes/functions/sessions.php from the rc2a distribution.

 

If turning on Force Cookie Use in MS2 creates errors you may find using the includes/application_top.php from the rc2a distribution will fix that, though take great care if trying that.

 

Do you think that would be the next best step for me to try? The caveat about taking great care scared me a little bit :)

 

Thanks in advance!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...