Force Cookie Use

**DML73** · 13 Aug 2014, 05:37 PM

I was wondering if somebody could explain exactly what enabling "Force Cookie Use" does? (Admin -> Configuration -> Sessions - Force Cookie Use).
What exactly are the advantages and disadvantages?
When is it recommended to enable, when is it not?

**yaritai** · 14 Aug 2014, 01:29 PM

Originally Posted by DML73

I was wondering if somebody could explain exactly what enabling "Force Cookie Use" does? (Admin -> Configuration -> Sessions - Force Cookie Use).
What exactly are the advantages and disadvantages?
When is it recommended to enable, when is it not?

Use google to search within zencart for topics on that setting.

Bascially the only times I was forced to switch this to TRUE was in cases where site links were posted online with the "zenid" attached. When this happens ALL customers who use that link will share the same shopping cart which can make the cart look unprofessional when items are in there that were not added. So by switching it to true it avoids having the issue above happen.

**DML73** · 14 Aug 2014, 05:57 PM

Thanks, I did a Google search and came up with this:

http://forums.oscommerce.com/topic/3...hould-lose-it/

According to this, it sounds like the best option is to enable "Force Cookie Use", provided that SSL and the site is setup properly.

Im wondering if some of the experts here can agree about that?

**lhungil** · 14 Aug 2014, 07:30 PM

Originally Posted by DML73

... "Force Cookie Use" does? (Admin -> Configuration -> Sessions - Force Cookie Use).
What exactly are the advantages and disadvantages? ...

Basically it controls how the session id (identifies the end user's login, shopping cart, etc) is sent from the visitors web browser to the server.

In Zen Cart 1.5.0 - 1.5.3:

zenid = session id

Enabled

If no session id (cookie), server creates new session
If session id (cookie) load session using the session id
If no cookie, server requests the visitors browser set a cookie containing the session id
Content is sent to the website visitor

Enabling the feature will break things for those with cookies disabled (or filtered)... But ensures visitors never see the session id in the URL (or copy / paste the URL w/ session id)... They could still grab the session id from the cookie (as could any proxies).

Disabled

If no session id (cookie or URL), server creates new session
If session id (cookie or URL) load session using the session id
If no cookie, server requests the visitors browser set a cookie containing the session id
If no cookie, server adds the session id to the URL
Content is sent to the website visitor

This allows visitors with cookies disabled (or anti-virus / anti-malware programs blocking / cleaning the cookies) to function. But it also lets the visitor potentially see a URL with the zenid and copy / paste / share the URL with friends (and thus share the session as well until the session expires).

Since at least Zen Cart 1.3.9h, a canonical link is generated for each page and will never contain the zenid (search engines use the canonical link as a strong hint of the correct URL to display in Search Results). The canonical link should also be used with OpenGraph tags (to control the URL shown in social media when someone copy / pastes).

Additionally, one can request search engines not index URLs containing ?zenid= (I currently do this) in the robots.txt.

**DML73** · 15 Aug 2014, 12:53 AM

Thank you for the information. So since most people does allow cookies, I understand that there is no real disadvantage in enabling "Force Cookie Use". Is that correct?

The reason I would like to enable it is because I continously see my customers link to my URLs with a link which includes the zenid, and also shares URLs containing the zenid.
Even its only the two first landing pages which contains the zenid my customers always somehow manage to use the URL with the zenid.

**yaritai** · 15 Aug 2014, 02:29 AM

I have read some argue that point of the zenid only being shown on the first landing page so it should not cause an issue. But as a site grows and many reference a site to share with others, the issue becomes more glaring. This is especially true when those save the product pages in bookmarks which it will then be the first landing page and have the zenid. The canonical links do remove it but not everyone searches to get the link.

**Mega Moonshine** · 21 Aug 2014, 07:00 AM

@lhungil, you mentioned this:

Additionally, one can request search engines not index URLs containing ?zenid= (I currently do this) in the robots.txt.

Could you show an example how this is done in the robots.txt file?

Thanks in advance!

**mprough** · 21 Aug 2014, 04:04 PM

Unfortunately, blocking zenid in robots.txt does not prevent indexing.... only crawling.

You can however, add the string zenid= in Google webmaster's tools to be ignored

~Melanie

**Mega Moonshine** · 1 Sep 2014, 08:43 PM

@mprough (aka Melanie) - Thanks for the tip on this!

add the string zenid= in Google webmaster's tools to be ignored

Thread: Force Cookie Use

Thread Tools

Search Thread

Display

Force Cookie Use

Re: Force Cookie Use

Re: Force Cookie Use

Re: Force Cookie Use

Re: Force Cookie Use

Re: Force Cookie Use

Re: Force Cookie Use

Re: Force Cookie Use

Re: Force Cookie Use

Similar Threads

Atos Payment Module not working with Force cookie use set to true

Cookie use problems

Posting Permissions