Strange kind of bug that probably has to do with SSL

[ceres]

Here is how it goes down:

1. A user comes to my site and picks a product (at http://www.mycompany.com)
2. The user tries to write a review for this product but is not logged in
3. The user successfully logs in on a secure SSL connection (at https://secureserver.com/~mycompany/)
4. The user then gets redirected back to the main page (on https://secureserver.com/~mycompany/)
5. The user tries to write the review again but gets redirected to http://www.mycompany.com once they click on a product
6. Steps 2-5 get repeated

It seems as though the user creates a proper session on the secure server, but the instant that the user accesses something that does not require the secure server, it goes back to the normal server but there is no session created for that user there. The server then decides that the user should log in again.

Anyone encounter a problem like this before? Any suggestions as to how to solve this?

Thanks,

Ceres

[michael_s]

What version of osC are you using? What version of PHP?

Once we have that info, we should be able to take a look ...

[ceres]

What version of osC are you using? What version of PHP?

Once we have that info, we should be able to take a look ...

Hi Michael,

Actually I am getting hosted by AABox right now so i'm sure you would know what version of PHP I am using better than I would .

As for my osC version, my installation is based off of Loaded 5 (which AFAIK based off of MS1) with some custom modifications.

Ceres

[michael_s]

Send me helpdesk ticket through AABox. I dont know what account is yours I will take a look at your site for you.

PHP is 4.3.2

[michael_s]

The resolution to this was to disable the the SID killer in loaded 5. To do so, edit application_top.php, commenting out this code (excerpt from thread here http://www.zenwarehouse.com/xoops2/m...d=355&forum=2:

In the catalog/includes/application_top.php

Find this section of code. Pretty self explanatory. approx line 403

Code:

//================================================== ==============
if ( ($HTTP_GET_VARS['currency']) ) {
tep_session_register('kill_sid');
$kill_sid=false;
}
if (basename($_SERVER['HTTP_REFERER']) == 'allprods.php' ) $kill_sid = true;
if ( ( !tep_session_is_registered('customer_id') ) && ( $cart->count_contents()==0 ) && (!tep_session_is_registered('kill_sid') ) ) $kill_sid = true;
if (basename($PHP_SELF) == FILENAME_LOGIN ) $kill_sid = false;
// To disbale the SID Killer un comment the line below (will make this an admin selection
//$kill_sid = false;
//================================================== ==============

This will disable sid killer.