Blocked Checkout - stuck on login

[davidf]

Hi again, I checked with my webhost and this is his reply...a bit out of my depth...is this not a problem for lots of Zencart installations?

Cookies are generally associated with a domain. Because the secure server is not in the same domain as the main website, a technique must be employed to ensure that the session id is moved between the two. In some cases this can be done by appending it to the URL, I know of one instance where the user has kept it in a hidden field on their form and then picks up the session stuff in their script.

It is possible to pass session stuff between our secure server and your website, we have people doing so. You may need to experiment with how best to do so. Unfortunately, because all the sites we host are 'virtual', we can not provide a secure service using your own domain.
This is usually accomplished using multiple IP numbers and we are unable to provide a site with its own IP number.

[DrByte]

By default, Zen Cart does all of those things automatically.

Things which could cause that to malfunction include:
- SEFU/SEO modules installed
- PHP is not configured to handle sessions properly
- cookie blockers on PC or browser blocks
- non-default settings for cookies in Admin->Configuration->Sessions
..... Cookie Domain should normally be "True"
..... Force Cookie Use is typically set to "False"
..... Check SSL Session ID not set properly
- Using "Recreate Session" with PHP 5 and Zen Cart older than v1.3.0.2

[DrByte]

What is your Session Directory set to in Admin->Configuration->Sessions ?

In theory, it should be: /home20/amurphy/gallery/cache

[davidf]

Thanks, my Session Directory was set wrongly to my local PC Apache server so I corrected that to /home20/amurphy/gallery/cache as you stated...but I was dissappinted to find it didn't seem to fix the problem. Here are my Session settings. We're on Zencart 1.2.5 I think it is and my host config is at http://www.stevegrove.com/gallery/zc...l/techsupp.php

Session Directory /home20/amurphy/gallery/cache
Cookie Domain True Info
Force Cookie Use False Info
Check SSL Session ID False Info
Check User Agent False Info
Check IP Address True Info
Prevent Spider Sessions True Info
Recreate Session False Info
IP to Host Conversion Status true

I haven't got SEFU/SEO modules installed as I think the only module I installed was the one that gives 3 columns for the product list.

[athena]

Dr. Byte or anyone, Please help...several customers have left us over this:

Could this be the reason our customers stall out on occasion when they click the "confirm order" button...but instead of us getting the order they go back to the order confimation page with a warning attached saying their session timed out? Most of the time their card is charged ...not always, but no order comes through.

Here is our includes/configure.php file. We use zencart 1.3.0.2 on a Windows IIS server through Crystaltech with a shared ssl



<?php
/**
*
* @package Configuration Settings
* @copyright Copyright 2003-2006 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
*/


// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg, http://www.yourdomain.com
// HTTPS_SERVER is your Secure webserver: eg, https://www.yourdomain.com
define('HTTP_SERVER', 'http://topkayaker.net');
define('HTTPS_SERVER', 'https://www7.ssldomain.com/topkayaker');

// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_CATALOG', '/TopKayakerShop/');
define('DIR_WS_HTTPS_CATALOG', '/TopKayakerShop/');

define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');
define('DIR_WS_TEMPLATES', DIR_WS_INCLUDES . 'templates/');

define('DIR_WS_PHPBB', '/');

// * DIR_FS_* = Filesystem directories (local/physical)
//the following path is a COMPLETE path to your Zen Cart files. eg: /var/www/vhost/accountname/public_html/store/
define('DIR_FS_CATALOG', 'D:/Inetpub/topkayaker/TopKayakerShop/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
define('DIR_WS_UPLOADS', DIR_WS_IMAGES . 'uploads/');
define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);
define('DIR_FS_EMAIL_TEMPLATES', DIR_FS_CATALOG . 'email/');

// define our database connection
define('DB_TYPE', 'mysql');
define('DB_PREFIX', '');
define('DB_SERVER', 'MySQL14.webcontrolcenter.com'); // eg, localhost - should not be empty
define('DB_SERVER_USERNAME', '');
define('DB_SERVER_PASSWORD', '');
define('DB_DATABASE', 'tomsshop');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'db'

// The next 2 "defines" are for SQL cache support.
// For SQL_CACHE_METHOD, you can select from: none, database, or file
// If you choose "file", then you need to set the DIR_FS_SQL_CACHE to a directory where your apache
// or webserver user has write privileges (chmod 666 or 777). We recommend using the "cache" folder inside the Zen Cart folder
// ie: /path/to/your/webspace/public_html/zen/cache -- leave no trailing slash
define('SQL_CACHE_METHOD', 'none');
define('DIR_FS_SQL_CACHE', 'D:/Inetpub/topkayaker/TopKayakerShop/cache');

?>

[athena]

I never get answers anymore. Should I be taking this personally?

Here are the config > sessions settings:

Everything is set to false in config > sessions Except

Cookie Domain
Prevent Spider Sessions
IP to host converstion status


what is the harm or benefit of setting this to true:

Recreate Session -False
Recreate the session to generate a new session ID when the customer logs on or creates an account (PHP >=4.1 needed).

[davidf]

I gave up on fixing this and upgraded to 1.3.5 which has fixed the returning customer login problem.

[Ajeh]

I'd upgrade to v1.3.7 as v1.3.5 is rather old and has some issues that were fixed in v1.3.6 ...

v1.3.7 adds the new PayPal Express ... plus a few other features and bug fixes etc.

[DogTags]

Ya know....I have read 1000's of posts in here....and have memorized all info, and remembered something and i have fixed it myself....WOOO HOOO For me! Thanks to all who replied and emailed me.

What did you do?

Thanks