Results 1 to 8 of 8

Session page setup

This is a discussion on Session page setup within the osCmax v2 Customization/Mods forums, part of the osCmax v2.0 Forums category; Hi there, I would like to ask what is the good practice for session page: Here is my setup: Session ...

      
  1. 09-16-2009, 06:39 PM #1
    gmancommerce
    gmancommerce is offline
    New Member
    Join Date
    Aug 2009
    Posts
    19
    Rep Power
    0

    Default Session page setup

    Hi there,

    I would like to ask what is the good practice for session page:

    Here is my setup:

    Session Directory /tmp
    Force Cookie Use False
    Check SSL Session ID True
    Check User Agent True
    Check IP Address True
    Prevent Spider Sessions True
    Recreate Session True

    The reason why I have this setup because the oscid show up in the URL, if the user check out and send the URL to another user (Let said User B), User B can view all the address information just simply click the link.

    My temporary solution is setup the session page like above. It is partially working. However, now, whenever people send the URL, it will go to login page regarding if she is login or not.

    Is there any way I can do the following:
    1) If it is not checkout, I can still send the URL and share the product information
    2) If it is checkout, I want to have login page show up when I pass the URL to protect the user privacy.

    Any advice is welcome.

    Thanks
  2. 09-17-2009, 06:10 AM #2
    jpf
    jpf is offline
    osCMax Testing Team
    jpf's Avatar
    Join Date
    Sep 2003
    Location
    Manitoba, Canada
    Posts
    2,699
    Rep Power
    23

    Default Re: Session page setup

    Session Directory /tmp -NA use MySQL!!
    Force Cookie Use - YES!!!!!


    Without cookie there will be some (cookie restriction) will see SID.


    Also use htaccess and mod rewrite with the SEO option in osCMax will remove the standard URL.
    JPF - osCMax Fourm Moderator - To contact, post on the forum or click here
    Try out our osCMax at: Live Catalog Demo
    Limited access Admin: Live Admin Demo
    Feel free to add products they way you want and then purchase them -=+=- Sorry nothing will be billed or shipped!
  3. 09-17-2009, 03:16 PM #3
    gmancommerce
    gmancommerce is offline
    New Member
    Join Date
    Aug 2009
    Posts
    19
    Rep Power
    0

    Default Re: Session page setup

    Hi Jpf,

    Thanks for your reply, yes I know cookie will help, however, it can't used with Shared SSL. We need to purchase a dedicated SSL and dedicated IP for this.

    I will take a look on htacess and SEO option.

    Thanks for your reference.
  4. 09-17-2009, 05:38 PM #4
    JohnW
    JohnW is offline
    osCMax Development Team
    Join Date
    Nov 2002
    Location
    Orlando
    Posts
    433
    Rep Power
    15

    Default Re: Session page setup

    On a shared server just using /tmp is a security risk because it is possible for others to access it. Purchasing a SSL is money well spent and really you'll make the make the money back on it through sales you would otherwise lose for not having one.
    John
  5. 09-18-2009, 01:13 AM #5
    pgmarshall
    pgmarshall is offline
    osCMax Development Team
    pgmarshall's Avatar
    Join Date
    Feb 2009
    Location
    London
    Posts
    3,124
    Donation Level 3 
    Rep Power
    55

    Smile Re: Session page setup

    Anyone who wants to set their sessions to be in MySQL ...

    Goto the configure.php file in catalog/includes/ and near the bottom change this line to look like this.

    define('STORE_SESSIONS', 'mysql');
    Regards,
    pgmarshall
    _______________________________
  6. 09-18-2009, 02:45 AM #6
    gmancommerce
    gmancommerce is offline
    New Member
    Join Date
    Aug 2009
    Posts
    19
    Rep Power
    0

    Default Re: Session page setup

    Thanks for all response

    define('STORE_SESSIONS', 'mysql'); is a current setup, and agree with JohnW's advice.
  7. 09-18-2009, 08:49 AM #7
    JohnW
    JohnW is offline
    osCMax Development Team
    Join Date
    Nov 2002
    Location
    Orlando
    Posts
    433
    Rep Power
    15

    Default Re: Session page setup

    If this site ever has an award for the most typos I might just win win
    John
  8. 09-19-2009, 03:27 AM #8
    ridexbuilder
    ridexbuilder is offline
    osCMax Development Team
    ridexbuilder's Avatar
    Join Date
    Jul 2008
    Location
    Haggisland
    Posts
    3,370
    Donation Level 2 
    Rep Power
    57

    Talking Re: Session page setup

    Dunno what you what you mean.
    Hosting plans with installation, configuration, contributions, support and maintenance.
« Subject in Contact US email | Need help with purchased template »

Similar Threads

  1. session id in URL
    By cominus in forum osCmax v1.7 Discussion
    Replies: 3
    Last Post: 11-11-2004, 04:34 PM
  2. Session ID
    By andyy15 in forum osCommerce 2.2 Modification Help
    Replies: 3
    Last Post: 08-15-2004, 11:40 PM
  3. Session Help
    By doggifts in forum osCommerce 2.2 Modification Help
    Replies: 1
    Last Post: 10-21-2003, 07:09 PM
  4. SSL Errors, Session Cookie, Session Cache, NOVICE Problems?
    By hanool in forum osCommerce 2.2 Modification Help
    Replies: 1
    Last Post: 09-07-2003, 11:49 AM
  5. session id
    By thorben in forum osCommerce 2.2 Installation Help
    Replies: 2
    Last Post: 06-03-2003, 06:35 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules