IainMHamilton Posted September 15, 2013 Share Posted September 15, 2013 Hi, I have installed the SagePay server v 1.2 module on oscommerce 2.3.3. I am using the Server method when accessing SagePay. I have a VPS hosted solution with it's own SSL certificate. Everything works fine until I set FORCE_SESSION_COOKIES to true. If it is set to true, the system returns the login page from the initial redirect. I have ultimate SEO installed, but version 1.2 of the SagePay module contains code to work around the "&" to "amp" conversion problem documented elsewhere. Switching SEO on/off makes no difference. Switching W3C URL's on/off makes no difference. Can anyone point me in the direction of a fix or give some clues how to fix this. Thanks Quote Link to comment Share on other sites More sharing options...
IainMHamilton Posted September 16, 2013 Author Share Posted September 16, 2013 (edited) Hi, For anyone who may be interested, I finally managed to track down where this is going wrong. in application_top.php, we have the following piece of code :- if (SESSION_FORCE_COOKIE_USE == 'True') { if (!isset($HTTP_COOKIE_VARS['cookie_test'])) { tep_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $cookie_path, $cookie_domain); } if (isset($HTTP_COOKIE_VARS['cookie_test']) { tep_session_start(); $session_started = true; } } when the SagePay Server was posting the callback this code was failing - ie the "cookie_test" cookie was not being found, even after an attempt to create it. Eventually, the login page was called. I changed the second test to be :- if ((isset($HTTP_COOKIE_VARS['cookie_test'])) || ($PHP_SELF=='checkout_process.php')) { tep_session_start(); $session_started = true; } and the code works OK (it always had a valid oscid). Checking the referrer is indeed the SagePay production server will make sure this only works for callbacks from that site. If anyone can shed some light on why the setcookie fails, I would be interested to know. Edited September 16, 2013 by IainMHamilton Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.