Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Archived

This topic is now archived and is closed to further replies.

vmn

osCid in url

Recommended Posts

Hi,

I'm maintaining an OSC 2.3.4 (non BS) web shop in a hosted environment.

One customer had problems with her network connection when adding products to her shopping cart.
When she returned to the shop, she claimed that the shopping cart did not contain products she had bought.

I think that the sessions got somehow mixed up. I did not see anything related in the logs.

I found out that osCsid shows in urls. As to my understanding shopping cart problems might be caused by the osCsid showing in urls, when urls are reused.
I think I've fixed that in the past, not sure, though.

I've read quite a few related threads here, without finding a solution.

I've dumped the $request_type from application_top.php. The value is always SSL. The osCsid problem shouldn't be caused by mixed content.

If I open a new window to the shop in Firefox or Chrome, urls do not contain osCsid.

This is one page info.

image.png.b7012488d4851f4097f0bff8daa3a997.png

I can see the cookie osCid.

The sessions are store to mysql:

define('STORE_SESSIONS', 'mysql');

The session settings are:

image.png.51ef900fb191e644c764908dd3206b71.png

 

Any ideas how to proceed?

Share this post


Link to post
Share on other sites
1 hour ago, vmn said:

One customer had problems with her network connection when adding products to her shopping cart.

When she returned to the shop, she claimed that the shopping cart did not contain products she had bought.

If I take this literally, then it is normal.

Once she "bought" (went through the checkout process and confirmed the order) the shopping cart is empty.

Or do you (she) mean placed/added into the shopping cart and not "bought" yet.

In that case it depends if she had already an account and was logged in:

- shouldn't be a session problem, the cart content is stored in the database

or

if she added the products as a guest:

- then it is a session/cookie issue

Share this post


Link to post
Share on other sites

Sorry, I forgot to mention that I'm only using PWA. Logins/permanent user accounts are disabled.

Share this post


Link to post
Share on other sites
2 hours ago, vmn said:

The session settings are:

image.png.51ef900fb191e644c764908dd3206b71.png

- try to set "recreate asessions " to "false"

- check your cookie domain configuration in includes/configure.php, some servers are good with this:

  define('HTTP_COOKIE_DOMAIN', '');
  define('HTTPS_COOKIE_DOMAIN', '');

some need this:

  define('HTTP_COOKIE_DOMAIN', 'mydomain.com');
  define('HTTPS_COOKIE_DOMAIN', 'mydomain.com');

would be also good to know if this happens more often and you can recreate the issue or if you have only that one case reported.

Share this post


Link to post
Share on other sites

@vmn

22 minutes ago, vmn said:

Sorry, I forgot to mention that I'm only using PWA. Logins/permanent user accounts are disabled.

Which version of PWA? The older versions had issues that (hopefully) have been fixed with the latest version ...

Share this post


Link to post
Share on other sites

If he says he is using non BS it's for sure an older version and it should be related to it. I know only my new BS PMA, so can't help with more details.

Share this post


Link to post
Share on other sites
3 hours ago, vmn said:

I'm maintaining an OSC 2.3.4 (non BS) web shop in a hosted environment.

One customer had problems with her network connection when adding products to her shopping cart.
When she returned to the shop, she claimed that the shopping cart did not contain products she had bought.

So, the customer was *not* logged in. She put things into her cart, and her network connection was broken. When she returned to the shop, there was nothing in the cart.

This sounds right to me. There was no customer account associated with the contents in the cart. so when the connection was broken, the cart contents should be lost too, right? When she returned to the shop, wouldn't she have a different session and/or osCid, right?

Or, am I missing something?

Malcolm

Share this post


Link to post
Share on other sites

I think it depends of session time out setting. Presumably it is set to 15 minutes - so if customer returns after 15 minutes the session is destroyed. Indeed normal behavior.

If OP likes to set longer setting - probably Php server setting must be changed.

Share this post


Link to post
Share on other sites
18 minutes ago, ArtcoInc said:

So, the customer was *not* logged in. She put things into her cart, and her network connection was broken. When she returned to the shop, there was nothing in the cart.

This sounds right to me. There was no customer account associated with the contents in the cart. so when the connection was broken, the cart contents should be lost too, right? When she returned to the shop, wouldn't she have a different session and/or osCid, right?

Or, am I missing something?

Malcolm

I thought cookie is used in that case to recover the session.

Share this post


Link to post
Share on other sites

I'm using Purchase without account for 2.3.4 dated 16th October 2014.

I don't understand this:

9 hours ago, wHiTeHaT said:

There is no $SID generated for PWA users in the version the OP maintains, for that..... the PWA not generates a cookie

If this is true I wouldn't see the cookie. The cookie exists and is removed, when all Firefox/Chrome windows are closed.

I debugged my local version witch PHP Eclipse and noticed that $SID is set. I'll add some debugging output to the production version, because I cannot debug that.

Any ideas why the osCid disappears from urls in a second browser window?

So, my main concern is, why do urls contain osCid. BTW. this only happens in catalog urls, there is no osCAdminID in admin urls

Share this post


Link to post
Share on other sites
1 minute ago, vmn said:

Any ideas why the osCid disappears from urls in a second browser window?

This is normal, once the session id is stored in the cookie, it is removed from urls.

 

3 minutes ago, vmn said:

If this is true I wouldn't see the cookie. The cookie exists and is removed, when all Firefox/Chrome windows are closed.

I guess the cookie is set but doesn't contain the session id. Didn't research this in all detail, but seems to work like this.

Share this post


Link to post
Share on other sites
2 minutes ago, wHiTeHaT said:

If this is the version you use: https://apps.oscommerce.com/t33Lf , the problem you have states to be solved.
Appropriate Topic for that version : 

 

 

It seems not to be that version. He is using a pre BS version.

Share this post


Link to post
Share on other sites

The new 2.3.4 BS version dosn't interfere at all in the sessions, register cookies or whatever before the customer tries to checkout. I do not know details of previous versions, but it just sounds locic that it won't be different. Before the customer decides to checkout, nothing should be different to standard OsCommerce session and cookie processing. So I would discart that the problem has anything to do with PWA.

The customer is an unregistered guest until he tries checkout. The problem described is just a guest shopping cart which gets lost.

Share this post


Link to post
Share on other sites

Just thought about the other scenario:

- customer already tried to checkout and filled in guest account data

- in that case the shopping cart content is linked to the temporary guest account and removed from the guest session

- if the connection breaks and she comes back to the store, she may have been logged out (session timeout) from the guest account and has no way to login again (guest account=> no password, no login)

- this is absolute as expected then, nothing wrong with it and no other way to do it

Share this post


Link to post
Share on other sites

This is a screen copy after clicking around a few times. Nothing is in the shopping cart. As you see the osCsid is in the url and the cookie exists.

image.png.9db51095603e528e8d9e6530120534e9.png

 

I put some debugging print into application_top.php after:

// set SID once, even if empty
  $SID = (defined('SID') ? SID : '');

In the first browser window SID is populated (osCsid=<session id>).

When I open the second window, the SID is empty. Thus, no osCsid in the url.

Is the problem related to php? I'm using php 5.6.34.

Thanks for your patience!

Share this post


Link to post
Share on other sites

@vmn, can you please clarify first if the customer had tried to checkout and filled in the customer data already or if she just had added the products to the cart.

Please see my 2 last posts.

Share this post


Link to post
Share on other sites

Thanks @raiwa, but I would like to concentrate now to the osCsid problem. I think it is part of the problem.

I reviewed the access log from the reported time. I noticed that the same osCsid has been reused between several ip addresses. The shortest time between ip address change with the same osCsid is ONE second. This kind of a problem has never happened before. I have now been using the same hosting provider almost 3 years. I haven't modified the shop software either for some time.

Example:
3 secs between shopping_cart.php from different ip addresses:

    Line 1809: IP00010- - [31/Mar/2018:22:03:23 +0300] "GET /shopping_cart.php?osCsid=oe365fivebh8nf6d8r015cle50 HTTP/2.0" 200 16240 "https://www.studiohenna.fi/product_info.php?cPath=634&products_id=1515&osCsid=oe365fivebh8nf6d8r015cle50" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"
*** IP CHANGE *** time difference: 3 sec
    Line 1810: IP00008 - - [31/Mar/2018:22:03:26 +0300] "GET /shopping_cart.php?products_id=1524&action=remove_product&osCsid=oe365fivebh8nf6d8r015cle50 HTTP/2.0" 302 - "https://www.studiohenna.fi/shopping_cart.php?osCsid=oe365fivebh8nf6d8r015cle50" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:59.0) Gecko/20100101 Firefox/59.0"

IP00008 just removed a product added by IP00010.

I can upload some more logs, if needed.

If I cannot get rid of the osCsid in urls, does the session parameter  'Check IP Address' help?

I have reported the problem also to my hosting provider.

Thanks again!

 

Share this post


Link to post
Share on other sites

 

On 2018. 04. 03. at 7:28 PM, vmn said:

If I open a new window to the shop in Firefox or Chrome, urls do not contain osCsid.


I would be surprised if will not happened this. Have you ever tried incognito modes? This will be the solution of your problem.

(try to swith off cookie usage and you will see the reason https://www.studiohenna.fi/cookie_usage.php)

osCsid is not a required parameter if you have a cookie.. and oscommerce can not work without osCsid cookie

Madam had an expired cookie.


:blink:
osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email managment with tracking pixel, package managment for shipping, stock management, warehouse managment with bar code reader, parcel shops management on 3000 pickup points without local store.

Share this post


Link to post
Share on other sites
19 hours ago, vmn said:

OSC cache is disabled. So, that's not the culprit.

Check the paths in the cache and sessions settings. They default to the servers tmp directory, which is shared. They need to be set to a local directory or things like this can happen.


Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Share this post


Link to post
Share on other sites
4 hours ago, Jack_mcs said:

Check the paths in the cache and sessions settings

Why?
Use cache= false
define('STORE_SESSIONS', 'mysql');

Share this post


Link to post
Share on other sites

There is no cacheing system provided by the web hotell.

1 hour ago, ArtcoInc said:

How often has this actually happened?

It's the first time customers complain about corrupted shopping carts or missing orders.

23 hours ago, tgely said:

I would be surprised if will not happened this. Have you ever tried incognito modes? This will be the solution of your problem.

Yes, in incognito window I see osCsid in url as well as the cookie, just like in my post "Posted at 01:03 PM"

23 hours ago, tgely said:

osCsid is not a required parameter if you have a cookie.. and oscommerce can not work without osCsid cookie

I do see the cookie and osCsid(:.

On 4/4/2018 at 10:29 PM, tgely said:

Madam had an expired cookie.

How come, according to access_log she just entered the site?

Any opinions about the session parameter  'Check IP Address' ?

And, why the cookie and still the osCsid at the same time?

Share this post


Link to post
Share on other sites

I dont understand why dont you implement a cookie cart into the shop. What you want is not a solution for this "problem".


:blink:
osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email managment with tracking pixel, package managment for shipping, stock management, warehouse managment with bar code reader, parcel shops management on 3000 pickup points without local store.

Share this post


Link to post
Share on other sites

×