persistent zenid and logout problem

[bikemike]

I just moved my site into production, and have been checking it out. I saw zenids on the who's online, and did some reading here which has me worried now. However is not an area I am at all comfortable with so still not sure what it proper behaviour and could do with some input.

I have done all my testing with cookies on, so never saw a zenid and did not know what they were.

If I turn cookies off, I get the zenid on any page I visit except for the home page, I see that whenever I roll over a link, it has the zenid appended. Moreover, If I re-enable cookies, I still see the zenid on all pages except the home page age, unless I log in.

Interestingly, and worryingly, if I go to the home page in a no-cookie session, I get logged out. I stay logged in if I have cookies on.

Could someone tell me what's normal and what's not, and possibly give me some guidance.

I run 1.3.6 on a host running Linux 2.6.7-smp, MySQL 4.0.27-standard-log, Apache/1.3.33 (Unix) mod_gzip/1.3.19.1a FrontPage/5.0.2.2510 PHP/4.3.11 mod_ssl/2.8.22 OpenSSL/0.9.6.

I am browsing with Firefox 2.0

thanks.

[Ajeh]

What are your session settings?

Have you an URL to your site?

[bikemike]

Have never been in here, so I send this without review.

Session Directory ...../htdocs/store/cache
Cookie Domain True
Force Cookie Use False
Check SSL Session ID False
Check User Agent False
Check IP Address False
Prevent Spider Sessions True
Recreate Session True
IP to Host Conversion Status true

URL in PM

[bikemike]

and
define('STORE_SESSIONS', 'db'); // use 'db' for best support, or '' for file-based storage

[Ajeh]

I am not seeing persistent zenid ...

Were you able to fix this?

[bikemike]

Yes, if I turn cookies off I see zenid pretty much everywhere. I haven't tried any fixes, but assume from your comment though that it is not right, so hope you can see zenid and advise on how to solve it :-)

[DrByte]

Yes, if I turn cookies off I see zenid pretty much everywhere. I haven't tried any fixes, but assume from your comment though that it is not right, so hope you can see zenid and advise on how to solve it :-)

If you have cookies disabled in your browser, you will get zenid's on all your links. This is because PHP uses the zenid to track your unique browsing session. Otherwise, without session-tracking, it could never distinguish you from anyone else.

This works the same for all PHP-based sites using unique logins; however, rather than call it PHPSESS, Zen Cart calls it zenid

Solution: re-enable cookies in your browser and/or firewall software.
(Specifically, "session" cookies, which are harmless compared to "other" cookies which may contain sensitive and personal information)

[bikemike]

Thanks Dr Byte,
That's clearly what I needed to know!

I assume that the behaviour I'm seeing with ZC logging out when visiting the home page with cookies switched off is a separate issue and is not normal though?

Cheers

[DrByte]

If cookies are enabled, then you'll still see zenid's until a session is established ... ie: you click on a link to another page of your site, such as a category, product, etc.
If you click back again to the home page, you'll see that the zenid disappears again , since the session is active.

[bikemike]

OK, but I'm talking about cookies disabled, and now I am not worried about the zenid (since the zenid issue has been explained to me). What I am worried about is the state management.

I browse with cookies off, and add some product to my cart for example, browse some more and add more to cart, and my cart grows accordingly. Now, if I happen to visit the home page then my menu options have changed, and indeed my cart is empty. Likewise, if I sign up, and am logged in, but click the home page, I'm then signed out. This does not happen with cookies on.

So it seems to me that somehow the session (as I am calling it) is dumped from the main page when cookies are off.