[Done 160] V154 & V155 cookies off zenid changing w every page change. add item fails

In V154 and 155. I have been testing with cookies refused. I have discovered that the Session id zenid changes every time you click on a link. I have tested this in fire fox and crome and both have the same issue. This I think then causes a whoops time out message to be displayed when you try to add an item to the cart.

I store the session info in the database and the session record is being created and destroyed for each new click.

You can see this if you turn off cookies and then go to the site then hover over a link you will see that the session id has changed for the next click.

I had to click once to get a zenid but from then on all the links have a different zenid.

I assume for a session to work the new links should have the same zenid (session id).

Not a bug.

If your store is set to require cookies but you turn cookies off in your browser, then it's not going to work.
Simple solution: don't do that.

Question: why are you doing that?

Store is not set to require cookies. Force cookie use is false. Should it be true?

I was testing it because a number of customers complained that they could not add items to the basket. I was guessing that they had turned cookies off.

Quote:

---

Originally Posted by DrByte

Not a bug.

If your store is set to require cookies but you turn cookies off in your browser, then it's not going to work.
Simple solution: don't do that.

Question: why are you doing that?

---

I can make it work by changing init_sessions.php about line 51.
from

PHP Code:

---

if (isset($_POST[zen_session_name()])) {
  zen_session_id($_POST[zen_session_name()]);
} elseif ( ($request_type == 'SSL') && isset($_GET[zen_session_name()]) ) {
  zen_session_id($_GET[zen_session_name()]);
} 


---

to

PHP Code:

---

if (isset($_POST[zen_session_name()])) {
  zen_session_id($_POST[zen_session_name()]);
} elseif ( ($request_type == 'SSL') && isset($_GET[zen_session_name()]) ) {
  zen_session_id($_GET[zen_session_name()]);
  /* else if added Mjfb*/
} elseif (isset($_GET[zen_session_name()])) {
    zen_session_id($_GET[zen_session_name()]);
} 


---

Does this break the certification for zen cart?
Also it does not appear to show the cookies required page any more. Just goes to whoops your session has timed out (time out page).

What template is/was used in your testing? Does this occur in the default template for these two stores (when you don't have the extra code added to the init_session.php file?)

Seeing as you are a long time forum member, what is the history of upgrade including process(es) used?

I performed a fresh install of 155 on my test machine with the test data and it has the same problem on that.
I was using the responsive classic template on that. I have tried classic green and get the same issue goes to index.php?main_page=time_out&zenid=co24rosqf910i1i5eg8u9r9i37 when trying to add to cart. the links all have &zenid=g3a5efvifobos3q6g2ojcokq75 so will have same issue.

For the live site I started life as 1.3.0 and has been upgraded through all the releases to 1.5.4 it now uses a modified responsive sheffield blue template.

Hi Mark

Do you have settings in Apache to do any kind of redirects.
Also would you mind telling us who your host is.

the zen cart is in a sub directory of the main site.
The htaccess settings on the top level directory are

Code:

---

#reset default page
DirectoryIndex index.php


Options +FollowSymlinks

# allow URl rewriting

RewriteEngine on


#change htm to php

RewriteRule ^(.*)\.htm$ $1.php

# stop pages being taken

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?schoolofinnerlight\.co\.uk/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?innerlightcrystals\.co\.uk/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?innerlighttherapies\.co\.uk/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?innerlightworkers\.co\.uk/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?.*\.lotuslight\.co\.uk/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?theangelicartoftransformation\.co\.uk/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?angelicmultidimensionalhealing\.co\.uk/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?lotuslight\.co\.uk/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?alexa\.com/.*$ [NC]
Rewritecond %{HTTP_REFERER} !^http://(www\.)?images\.google.*$ [NC]
Rewritecond %{HTTP_REFERER} !^http://(www\.)?translate\..*$ [NC]
Rewritecond %{HTTP_REFERER} !^http://(www\.)?joyousisle\.com/.*$ [NC]
RewriteRule .*\.(jpg|gif|bmp|png)$        -                  [F,NC]

RewriteCond %{HTTP_HOST} !^innerlightcrystals\.co\.uk$ [NC]
RewriteRule .? http://innerlightcrystals.co.uk%{REQUEST_URI} [R=301,L]

---

My host is Ukhost4u. My site is http://innerlightcrystals.co.uk/sales/

My test server is Ubuntu run as a virtual machine (oracle vbox). I have removed all the rewrites and I still have the same issue on 155a running classic green or responsive classic. If you need more details of the virtual machine please let me know.

If any of the info in the code section should not be public please remove it for me.

Thanks

Any movement on this? If not a fault do I need to have specific setting?

If you turn off ENABLE_SSL does the problem go away?
(The code-change you posted suggests that your server isn't properly representing SSL.)


Additionally, is your html_output.php function file altered in any way?