reyak Posted March 24, 2003 Share Posted March 24, 2003 this is really directed at marcel and anyone else that uses the autologon. i just installed the autologon over the daily snapshot with the latest cookie-force security thing that has been going on. I get no errors after the install, but it doesnt seem to remember my login. feel free to test it at http://www.reyakscards.com/default.php it is my test site that eventually will become production after i figure out most stuff. my setup is http://www.domain.com and the https://secure.domain.com. any asssitance would be greatly appreciated. thanks in advance Quote Reyak ~Reyak's Card~ to be established soon Link to comment Share on other sites More sharing options...
reyak Posted March 25, 2003 Author Share Posted March 25, 2003 ok, i just got the notification email that the security cvs is out - so is there any plans on updating the autologin? Quote Reyak ~Reyak's Card~ to be established soon Link to comment Share on other sites More sharing options...
M@rcel Posted March 25, 2003 Share Posted March 25, 2003 ok, i just got the notification email that the security cvs is out - so is there any plans on updating the autologin?Yes, the plans exist, but I'm currently busy with adapting the security proposal so it can be used on shops with shared ssl-certificates. See http://www.oscommerce.com/forums/viewtopic.php?t=31928 Marcel Quote Greetings from Marcel |Current version|Documentation|Contributions| Link to comment Share on other sites More sharing options...
TB Posted April 22, 2003 Share Posted April 22, 2003 Marcel, Do you know of any quick fixes (until a new version) that I could implement to allow Autologon when the client doesn't have cookies enabled? The problem I'm having is that the Autologon feature works great if the client has cookies enabled. Regardless of whether they are using autologon, the site still works like normal. When the client doesn't have cookies enabled, I get a continuous loop of the logoff.php file when I go to access the website. Thanks, Tony Quote "The price of success is perseverance. The price of failure comes much cheaper." Link to comment Share on other sites More sharing options...
TB Posted April 22, 2003 Share Posted April 22, 2003 Just to clarify my last e-mail. I don't need the autologon feature to work for users without cookies enabled. All I need is for my site to work for them... as mentioned above I get a constant loop of the logoff.php file when they come to my site. Thanks, Tony Quote "The price of success is perseverance. The price of failure comes much cheaper." Link to comment Share on other sites More sharing options...
M@rcel Posted April 22, 2003 Share Posted April 22, 2003 Try this: Find in the autologon changes in application_top.php: if (!tep_session_is_registered('customer_id')) { Replace with: if ( ($session_started) && (!tep_session_is_registered('customer_id')) ) { I didn't test this. Please report back the results.[/b] Quote Greetings from Marcel |Current version|Documentation|Contributions| Link to comment Share on other sites More sharing options...
TB Posted April 23, 2003 Share Posted April 23, 2003 Thanks Marcel! All appears to be working fine now... though I've only done a quick test. So... let take it as though the code changes work fine... if otherwise, I'll post to this thread. Thanks again! Tony Quote "The price of success is perseverance. The price of failure comes much cheaper." Link to comment Share on other sites More sharing options...
TB Posted April 23, 2003 Share Posted April 23, 2003 Update to testing... I've some more testing on the updated code and these are the results: User with cookies working fine, all aspects. User without cookies, login in to cart ok. Can navigate site ok, though they get logged off if they click on 'Top' on the breadcrumb (ie. Looses the session id.) For me though, this is working ok as I have force_cookies enabled which stops a non-cookie user from logging in, and a guest can now view the site with the updated code. As a suggestion though, if work is going to be done to allow the module to work without force_cookies (ie. cookie and non-cookie users) a check should be done for cookies and if it returns false, to remove the 'Remember Me' option similar to what happens when you disable autologon. Cheers, Tony Quote "The price of success is perseverance. The price of failure comes much cheaper." Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.