Jump to content
Jack_mcs

Autologon V 2

Recommended Posts

The overall cookier doamin is set in the configure file of your shop.

 

you are right! , the problem has no connections with autologon , I discovered that suhosin made the problem by encrypting session name!

 

by the way , is it possible to autologon customers directly via the index page instead of login or account page ?

 

thanks for your attention :)

Share this post


Link to post
Share on other sites

Once the customer sets up the login so that a cookie is on their computer, when they return they should be logged in without ever going to the login page.

Share this post


Link to post
Share on other sites

Once the customer sets up the login so that a cookie is on their computer, when they return they should be logged in without ever going to the login page.

however, with ssl activated, secured pages and unsecured pages use different cookies connected with two different domain names,

if I am correct, according to the fact that the cookies (email_address and password) are set only in secured page (ex: loging.php), the index page (http:// , not secured) can't access to the https cookies. In my case , after some time I am loosing my autologon on unsecured pages , but right after I clicked "account" (https), I am logged automatically again in all pages of the website thanks to your contribution.

 

your contribution set new cookies (email_address and password) for one year , it does not affect "osCsid" cookies (expired when the web browser is closed, according to the cookie data in the web browser)

 

please, correct me if I am wrong and give me some tips if my autologon installation seems to be mistaken

 

thanks!!!!!!!!!!!

Edited by kyser

Share this post


Link to post
Share on other sites

however, with ssl activated, secured pages and unsecured pages use different cookies connected with two different domain names,

if I am correct, according to the fact that the cookies (email_address and password) are set only in secured page (ex: loging.php), the index page (http:// , not secured) can't access to the https cookies. In my case , after some time I am loosing my autologon on unsecured pages , but right after I clicked "account" (https), I am logged automatically again in all pages of the website thanks to your contribution.

 

your contribution set new cookies (email_address and password) for one year , it does not affect "osCsid" cookies (expired when the web browser is closed, according to the cookie data in the web browser)

I don't have an answer for you. It works correctly for shops I've installed it into, though none have been 2.3 shops. Assuming the changes you made are correct, my guess is that your configure file is not setup correctly.

Share this post


Link to post
Share on other sites

I don't have an answer for you. It works correctly for shops I've installed it into, though none have been 2.3 shops. Assuming the changes you made are correct, my guess is that your configure file is not setup correctly.

<?php

define('HTTP_SERVER', 'http://www.site.com');

define('HTTPS_SERVER', 'https://www.site.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', '.site.com');

define('HTTPS_COOKIE_DOMAIN', '.site.com');

define('HTTP_COOKIE_PATH', '/xxxx/');

define('HTTPS_COOKIE_PATH', '/xxxx/');

define('DIR_WS_HTTP_CATALOG', '/xxxx/');

define('DIR_WS_HTTPS_CATALOG', '/xxxx/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_QUANTITY_ICONS', DIR_WS_ICONS . 'qicons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/home/admin/domains/xxxx/public_html/xxxxx/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

define('DB_SERVER', 'localhost');

define('DB_SERVER_USERNAME', 'xxxx');

define('DB_SERVER_PASSWORD', 'xxx');

define('DB_DATABASE', 'xxxx');

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', 'mysql');

?>

 

in session under admin , "force cookies and recreate session have to be desactivated ?

Edited by kyser

Share this post


Link to post
Share on other sites

define('HTTP_COOKIE_DOMAIN', '.site.com');

define('HTTPS_COOKIE_DOMAIN', '.site.com');

 

in session under admin , "force cookies and recreate session have to be desactivated ?

Try changing the above to

.www.site.com

Force cookies should be off, generally speaking. I haven't tested it with this contribution since I never run a shop with it on so I can't say if that is the cause or not but it is worth a try. Be sure to enable Prevent Spider Sessions if Force Cookies is off.

Share this post


Link to post
Share on other sites

Try changing the above to

.www.site.com

Force cookies should be off, generally speaking. I haven't tested it with this contribution since I never run a shop with it on so I can't say if that is the cause or not but it is worth a try. Be sure to enable Prevent Spider Sessions if Force Cookies is off.

 

when you log the first time via login.php with https, after some months , your shop can autolog in any http pages directly or do you need to reach a https page ?

do you have a shop which use autologon , I would like to check its behavior

 

thanks!

Edited by kyser

Share this post


Link to post
Share on other sites

when you log the first time via login.php with https, after some months , your shop can autolog in any http pages directly or do you need to reach a https page ?

do you have a shop which use autologon , I would like to check its behavior

 

thanks!

The login is done automatically. If you create a login today and then come back tomorrow, as soon as you go to the home page, you will be logged in. Yes, I have shops that it is installed in but they are not for testing. I sugget you install a blank RC2 shop and test it since the contribution is known to work with it. If that works, you can then use it for comparing. If it doesn't, then there is something wrong with your setup.

Share this post


Link to post
Share on other sites

Guys

 

My php & html knowledge is non existent which will become apparent when I tell you my issue

 

I have this in the login.php

 

 

</script>
<?php // HMCS: Begin Autologon	********************************************************** ?>
<script language="javascript"><!--
function win_autologon() {
 window.open("<?php echo FILENAME_INFO_AUTOLOGON; ?>","info_autologon","height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes").focus();
}
//--></script>
<?php // HMCS: End	Autologon	*****************************
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

 

 

 

and I get the error

Parse error: syntax error, unexpected '<' in /home/***/***/login.php on line 123

Line 123 is </head>

 

Any pointers on sorting this issue is appreciated!

 

EDIT

 

 

Okay, I sorted my mistake, I didnt see the ?> at the end of the *****************************************

Edited by RMD27

Share this post


Link to post
Share on other sites

Hello!

 

This contribution was working fine on my shop thumbsup.gif until I implemented SSL.sad.gif

 

Now it doesn't work at all. I/customers have to manually log in

 

Anyone have a clue as to what I need to check to sort out this problem???huh.gif

 

Shop is v2.2 RC2

Edited by RMD27

Share this post


Link to post
Share on other sites

This contribution was working fine on my shop thumbsup.gif until I implemented SSL.sad.gif

 

Now it doesn't work at all. I/customers have to manually log in

 

Anyone have a clue as to what I need to check to sort out this problem???huh.gif

 

Shop is v2.2 RC2

I seem to recall someone else having a problem like this. I suggest you read through the thread to find that post and fix.

Share this post


Link to post
Share on other sites

I seem to recall someone else having a problem like this. I suggest you read through the thread to find that post and fix.

 

Hello Jack,

 

Of course you are right but it was about shared SSL and I have unique. Anyway when I was looking back through the post I spotted Kyser has the exact same problem as me (as detailed in post #49). It doesn't look like Kyser found a solution but he was on 2.3 maybe I will have more luck with 2.2

 

I have contacted my host hopefully they can help, maybe the issue is with my configure file. I will let you know what they say.

Edited by RMD27

Share this post


Link to post
Share on other sites

Questions (maybe dumb) about how this addon is designed to work...Does this keep me logged-in as long as I do not logout ? In other words, if I logout, then this addon will NOT log me in automatically? But, if I dont hit any logout button or link, I should be able to return to the site and be logged-in without a password?

 

Yes?

Share this post


Link to post
Share on other sites

When you tell it to remember you, it places a cookie in the brwoser you are using. So whenever you visit the site, no matter when how you do it, as long as you that browser, it will log you in automatically. That is different from having the page time out. If you place something in the cart and start an order and then do nothing and the page times out, when you click continue it will log you back in but the order will have to start over since you were logged out. If you want the timeout not to occur, you have to change the sessions time in the code. There are several threads on how to do this in the forums.

Share this post


Link to post
Share on other sites

When you tell it to remember you, it places a cookie in the brwoser you are using. So whenever you visit the site, no matter when how you do it, as long as you that browser, it will log you in automatically. That is different from having the page time out. If you place something in the cart and start an order and then do nothing and the page times out, when you click continue it will log you back in but the order will have to start over since you were logged out. If you want the timeout not to occur, you have to change the sessions time in the code. There are several threads on how to do this in the forums.

 

I am just trying to test if for customers, to make sure it works. At this point it does not seem to work, so I have some diagnosing to do. I am wondering if the situation is complicated because I am using various email addresses to login?

Share this post


Link to post
Share on other sites

When you tell it to remember you, it places a cookie in the brwoser you are using. So whenever you visit the site, no matter when how you do it, as long as you that browser, it will log you in automatically. That is different from having the page time out. If you place something in the cart and start an order and then do nothing and the page times out, when you click continue it will log you back in but the order will have to start over since you were logged out. If you want the timeout not to occur, you have to change the sessions time in the code. There are several threads on how to do this in the forums.

 

Does the Autologon occur on any page, or does a visitor have to come thru the login page to auto login?

 

What cookie should I look for, to make sure it is there?

Share this post


Link to post
Share on other sites

When you initially login, a cookie is created in the browser. When you come back at some later time, the cookies of that browser are checked and if an auto-login one is found, then you are logged in. It doesn't matter what page you are on. A cookie is created for each account so if you are testing with different email addresses, there will be different cookies. Cookies must be enabled in the browser you are using. If you clear the cookies in the browser, then it won't log you in.

Share this post


Link to post
Share on other sites

@@MountainMan

I've found that if the module suddenly stops working, if I go to my server control panel and update/sync the system time and hardware time, it works again. Hope this helps someone.

 

@@Jack_mcs

Which time does this module look to anyway? system or hardware?

and a noobie question - If I set up the system time to time sync to pool.ntp.org, should the option to set hardware time at sync also be checked? What is best practice here?

 

Thanks for any advice


-Dave

Share this post


Link to post
Share on other sites

Is this contribution 338? There's also an older contribution 2087, is 338 the best one to use?

 

Do either work with SSL?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×