Jump to content
Sign in to follow this  
reyak

autologon 1.03 and the 3/17/03 snapshot

Recommended Posts

this is really directed at marcel and anyone else that uses the autologon.

 

i just installed the autologon over the daily snapshot with the latest cookie-force security thing that has been going on. I get no errors after the install, but it doesnt seem to remember my login.

 

feel free to test it at http://www.reyakscards.com/default.php

 

it is my test site that eventually will become production after i figure out most stuff. my setup is http://www.domain.com and the https://secure.domain.com.

 

any asssitance would be greatly appreciated.

 

thanks in advance


Reyak

~Reyak's Card~ to be established soon

Share this post


Link to post
Share on other sites

ok, i just got the notification email that the security cvs is out - so is there any plans on updating the autologin?


Reyak

~Reyak's Card~ to be established soon

Share this post


Link to post
Share on other sites
ok, i just got the notification email that the security cvs is out - so is there any plans on updating the autologin?
Yes, the plans exist, but I'm currently busy with adapting the security proposal so it can be used on shops with shared ssl-certificates. See http://forums.oscommerce.com/viewtopic.php?t=31928

 

Marcel


Greetings from Marcel

|Current version|Documentation|Contributions|

Share this post


Link to post
Share on other sites

Marcel,

Do you know of any quick fixes (until a new version) that I could implement to allow Autologon when the client doesn't have cookies enabled?

 

The problem I'm having is that the Autologon feature works great if the client has cookies enabled. Regardless of whether they are using autologon, the site still works like normal.

When the client doesn't have cookies enabled, I get a continuous loop of the logoff.php file when I go to access the website.

 

Thanks,

Tony


"The price of success is perseverance. The price of failure comes much cheaper."

Share this post


Link to post
Share on other sites

Just to clarify my last e-mail.

 

I don't need the autologon feature to work for users without cookies enabled. All I need is for my site to work for them... as mentioned above I get a constant loop of the logoff.php file when they come to my site.

 

Thanks,

Tony


"The price of success is perseverance. The price of failure comes much cheaper."

Share this post


Link to post
Share on other sites

Try this:

 

Find in the autologon changes in application_top.php:

if (!tep_session_is_registered('customer_id')) {

 

Replace with:

if ( ($session_started) && (!tep_session_is_registered('customer_id')) ) {

I didn't test this. Please report back the results.[/b]


Greetings from Marcel

|Current version|Documentation|Contributions|

Share this post


Link to post
Share on other sites

Thanks Marcel!

 

All appears to be working fine now... though I've only done a quick test.

 

So... let take it as though the code changes work fine... if otherwise, I'll post to this thread.

 

Thanks again!

Tony


"The price of success is perseverance. The price of failure comes much cheaper."

Share this post


Link to post
Share on other sites

Update to testing...

 

I've some more testing on the updated code and these are the results:

User with cookies working fine, all aspects.

User without cookies, login in to cart ok. Can navigate site ok, though they get logged off if they click on 'Top' on the breadcrumb (ie. Looses the session id.)

 

For me though, this is working ok as I have force_cookies enabled which stops a non-cookie user from logging in, and a guest can now view the site with the updated code.

 

As a suggestion though, if work is going to be done to allow the module to work without force_cookies (ie. cookie and non-cookie users) a check should be done for cookies and if it returns false, to remove the 'Remember Me' option similar to what happens when you disable autologon.

 

Cheers,

Tony


"The price of success is perseverance. The price of failure comes much cheaper."

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×