View Full Version : Problems with cookie usage.php

10-13-2003, 07:14 PM
Hey all,

I seem to be having an issue when I attempt to login as a registered user?
It always directs me to the :cookie_usage.php: page.
I am sure I have an account setup.
I am sure ciikies are enabled within my browser.
I have tried disabling "force cookies" option in admin tool.

Hopefully someone can assist me?

10-20-2003, 06:21 PM
Hey redz008,

I, too, am continuing to experience the same issue. When I have "session cookies" forced ON, upon clicking LOGIN I am redirected to the "cookie_usage.php" page. Turning OFF the "session cookies" allows me to pass thru with out a single gunshot. Technically speaking, we should not have to be a "registered user" to get to the LOGIN area.

During my wanderings I happen to notice that in the Admin Control Panel that the default directory for storing session cookies was "/tmp". Upon browsing my fresh install, I noticed no such folder/directory, however, there was a "/temp" folder. So, I created a /tmp folder, Chmod - 777. Alas! No such luck!

I have turned my computer's IE security settings down to "stick it to me", but no matter....

There is one thing that I really would like to do is add the "AutoLogon" contrib. I had it on my other OsC Cart, but when I switched servers, I ended up doing a completely fresh installation, choosing the MS2 MAX Cart for its pre-added contributions. But there are a couple of bugs still inherent (like the folder issue above).

BUT, my wish is to be able to use all the powerful features of this Cart without having to compromise (like shutting off cookies).

cause I happen to like those monster chocolate chip ones.......

10-20-2003, 10:26 PM
That is not a bug in MS2-MAX, it is a problem somewhere in your setup. Most likely, you are either using shared ssl, or the cookie domain and path are not correctly setup.

I have installed ms2-max on HUNDREDS of servers and have not once had this issue. I can reproduce it though, by putting the incorrect cookie domain path, or forcing cookies with shared ssl. That is an issue with osCommerce though, and is built in to behave that way...

Regarding the /tmp dir, most servers have a shared tmp dir available for session handling, and it is not visible in a user account dir tree, as it is above the home dir of accounts. PHP uses it to store sessions, but you can change the path to whatever you like, just make sure it actually points to a writable directory.

Fix the problems with your setup and you will be able to use cookies. Remember, no shared ssl...

10-21-2003, 06:09 PM
Thanks for the assistance,
Could you please have a look at the script below copied from my config.php file
Please let me know what you would suggest.

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.simplyredz.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.simplyredz.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'http://www.simplyredz.com');
define('HTTPS_COOKIE_DOMAIN', 'https://www.simplyredz.com');
define('HTTP_COOKIE_PATH', '/store/catalog/');
define('HTTPS_COOKIE_PATH', '/store/catalog/');
define('DIR_WS_HTTP_CATALOG', '/store/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/store/catalog/');

Your help is greatly appreciated

12-18-2003, 05:32 PM
I had the same problem... I set HTTP_COOKIE_DOMAIN to ''
and it seems to work. I'm running Apache on Windows 2000 BTW.

If anyone knows why this is the case please elaborate :)

01-14-2004, 03:48 PM
Why is it that cookies don't work with shared SSL?

01-14-2004, 10:35 PM
define('HTTP_COOKIE_DOMAIN', 'http://www.simplyredz.com');
define('HTTPS_COOKIE_DOMAIN', 'https://www.simplyredz.com');

These should be 'simplyredz.com' only. Ditch the rest...

define('HTTP_COOKIE_DOMAIN', 'simplyredz.com);

Cookies don't work with shared ssl because the base domain changes, and cookies are set for one domain, and they are not valid on the different shared ssl domain.

01-15-2004, 02:51 AM
Are we best advised to get an SSL certificate rather than shared SSL space, as without cookies the session id is displayed in the url.

01-15-2004, 09:36 AM
NickW, if you are keen on security, then yes, you will get your own ssl cert, but it is not required.

02-17-2004, 12:14 AM
Hi there, I'm having the same problem. I have Force Cookies set to false though, and I also have SSL usage set to false. I have tried different browsers, cleared cache, deleted cookies that were sent before, and all keep sending me back to the cookie_usage page when I try to checkout. Any ideas?

02-17-2004, 10:38 AM
Try disabling cache in admin.

02-17-2004, 05:28 PM
Cache was already disabled...

02-17-2004, 06:42 PM
very strange, I just re-uploaded the login.php file and everything works fine now! :)

03-30-2004, 08:15 PM
I was having the exact same problem.

And this seems to work.
In configure.php in the catalog change the HTTP_COOKIE_DOMAIN to be the same as HTTPS_COOKIE_DOMAIN
and it work.

define('HTTP_COOKIE_DOMAIN', 'dv.sslpowered.com');
define('HTTPS_COOKIE_DOMAIN', 'dv.sslpowered.com');

08-07-2006, 06:56 PM

I just thought i'd share my fix for allowing it to work with Shared SSL :D

All you need to do is edit the configure.php file....:


define('HTTPS_COOKIE_DOMAIN', 'shared.sslwebhost.com');
define('HTTPS_COOKIE_PATH', '/~username/store/');

Instead of the following:

define('HTTPS_COOKIE_DOMAIN', 'shared.sslwebhost.com/~username');
define('HTTPS_COOKIE_PATH', '/store/');

That seems to work fine for me :)