Printable View
After installing CEON URI the session is wiped when a customer tries to log in - meaning, login is impossible. I traced this down to init_sessions.php in includes/init_inludes/overrides. The only thing that file does is to force the cookie path to be set to root "/" (Zen Cart resides in "/purchase/" in my case). Apparently that doesn't work, but I have not been able to identify why. What are common reasons that setting cookie path to root fails?
Not sure that this is related to this module.. That said can you start by double checking your install and make sure you have EVERYTHING installed correctly???Quote:
Originally Posted by flyvholm
I've done the installation twice, both checked out fine. Static URIs are working too. They also appear to work if I delete the init_sessions.php override. I see your point that it probably isn't related to the module - setting cookie path to root could well fail in any case. Do you have ideas what's happening here nevertheless? It might still save somebody else from pulling hair out after installing CEON...
The CEON URI Mapping module must use the site root "/" as cookie path to work properly. My Zen Cart resides in "/purchase/". Unfortunately, when setting cookie path to root, customer login doesn't work in my case - the session is simply wiped when attempting login. Writing out session data with file_put_contents() reveals that the session is wiped after calling PHP header() for the redirect after login (/includes/functions/functions_general.php line 46), but before arriving at /purchase/index.php. Not sure how to do further troubleshooting.
Just in case, here are my admin session settings:
Session directory => /path/to/root/purchase/cache
Cookie domain => true
Force cookie use => false
Check SSL session id => false
Check user agent => false
Check IP address => false
Prevent spider sessions => true
Recreate session => true
IP to Host Conversion Status => true
Use root path for cookie path => false (but overridden by CEON module)
Add period prefix to cookie domain => true (setting this to false made no difference)
Any ideas what's causing the session reset and/or suggestions for how to troubleshoot further?
FYI: Moderator split this to its own discussion thread since it appears to be a session issue not directly related to CEON.
Little late to the party, but do you have multiple stores in the same domain (or just this one)? Are you using a dedicated SSL certificate (or the hosts shared SSL certificate)? Does the same behavior occur with "Force Cookie Use = true"?Quote:
Originally Posted by flyvholm
Any response appreciated! Just one store on the domain, dedicated SSL certificate. Forcing cookie use brings up a (Zen Cart) page saying that the browser has disabled cookies, meaning the issue persists. It is not Zen Cart destroying the session, it is done by PHP's header() function when redirecting after login. So for some reason PHP is able to store cookies when cookie path is set to "/purchase", but not when it is set to "/". The SSL certificate is for the root.
Have you tried also setting "Use root path for cookie path" to true (to match what you are seeing the CEON module do)?
Yes, setting the cookie path to root in Zen Cart admin does the exact same thing as the CEON override and gives the same result.
By the way, on my local copy of the website hosted with XAMPP I can use root as cookie path without issues. So it may be something server specific.
OK, granted I do not use this version of Zen but am curious that the program does not do the .htaccess like 1.3.9h does. This is what my file looks like, it rests in the root of the server but the info directs to the subdirectory that the store lives in
## BEGIN CEON URI MAPPING REWRITE RULE
RewriteEngine On
# ONLY rewrite URIs beginning with /market/
RewriteCond %{REQUEST_URI} ^/market/ [NC]
Did yours not do that?
As you can see the file points to the stores directory but lives in the root of the server---UNLESS I totally misunderstood, which is highly possible...LOL
EVERYONE...have a safe and happy Turkey Day.
99% likely to be server-specific, and that includes how you've configured the vhost/domain in Apache and apache as a whole, and PHP.Quote:
Originally Posted by flyvholm
I'm revisiting my cookie issue... to recap, the problem is that sessions are lost when I set the cookie path to root. For this reason I've had to leave the init_sessions.php override out of my CEON install (setting cookie path to root is the only thing this override does). Consequence is that Zen Cart carries around "zenid=..." in the URI... or at least that is supposed to be the case. I have the opposite happening to me: On the live website (https://www.astralisproductions.com/purchase) the zenid is not added to the URI even though the cookie path isn't root (verified by inspecting the cookie stored in Chrome). Conversely, my XAMPP localhost copy of the website does have cookie path set to root (and doesn't lose sessions), but adds zenid to every URI nevertheless.
I'd love to know what's happening. How/where does Zen Cart check for cookie availability?
If I understood the above correctly, seems like you were saying that the "disappearance" of the zenid was unepected and that it staying in the uri was expected... That is quite the opposite if that was the intended description. The index.php file if I remember correctly or perhaps includes/application_top.php is the first to pick up on the condition of the zenid... Looking through at least get and post.Quote:
Originally Posted by flyvholm
Settings related to this may need to be different in both the live and development sites unless everything about the configuration and installation of the the server's software is the same...
Unexpected in both cases: It appears on localhost where cookie path is root, but disappears on the live site where cookie path is not root. Should be the other way around.Quote:
Originally Posted by mc12345678
So Zen Cart uses the PHP predefined constant 'SID' (session id) to determine if zenid should be added to the URI. 'SID' is empty when a cookie with the session ID is available (says PHP manual). In the case of my localhost copy I see the cookie with the correct session id in Chrome, and its path is root, meaning it is supposedly available on the entire domain. Yet 'SID' contains the zenid as if the cookie isn't there. I simply don't know what can prevent PHP from recognizing the cookie?Quote:
Originally Posted by mc12345678
I notice from your other discussion threads that you've got some unique stuff going on with your server configs and customizations you've made to the code.
So ... just to verify something ... if you remove CEON URI and your URL rewriting rules and the code you've customized to do different things with sessions, then the cookie-path stuff all works correctly again, right?
I would also concur that the problem is related to server permissions not allowing the cookie to be set in the root.
I have found this issue (login goes straight to "cart is empty") on a local server only, and not on every version of xampp, so have put a clause in there to deal with it. As my shop is in a subdirectory and locally I use virtual hosts/dynamic dns/password on the folder access/ip filtering...this was the easier fix to ensure it works everywhere!
init.sessions.php
PHP Code:$path = (defined('CUSTOM_COOKIE_PATH')) ? CUSTOM_COOKIE_PATH : $path;
// BEGIN CEON URI MAPPING 1 of 1
// Static URIs are relative to the site's root, so cookie should be set for the root
if ( !file_exists('includes/local/configure.php') && defined('CEON_URI_MAPPING_ENABLED') && CEON_URI_MAPPING_ENABLED == 1 ) { //steve added the clause
$path = '/';//steve was breaking login session on local server
}
// END CEON URI MAPPING 1 of 1
$domainPrefix = (!defined('SESSION_ADD_PERIOD_PREFIX') || SESSION_ADD_PERIOD_PREFIX == 'True') ? '.' : '';