IE11, Chrome: Sticky zenid on a store that is https-all-the-time

[lat9]

Sigh ... so I've tried both methods for removing that sticky zenid ... and no joy.

I've currently got HTTPS_SERVER == HTTP_SERVER == 'https://thesite.com' and ENABLE_SSL set to false

That's in conjunction with the change that @webchills suggested. Chrome apparently has a deep-seated affection for the zenid parameter on this site.

[webchills]

@lat 9
You have posted that you have:
session.use_only_cookies On On
Can you set session.use_only_cookies to false and see if that makes a difference?
On a sidenote I found session.use_only_cookies on in PHP 5.3 causes serious login issues in the admin when a shared SSL is used, so I would disable that by default.

[lat9]

@webchills, that changed the behavior but didn't actually fix it. I created the file /includes/extra_configures/set_session_use_only_cookies.php containing:

Code:

<?php
ini_set ('session.use_only_cookies', '0');

With this value set (I've previously made your change to zen_href_link and DrByte's change to the configure.php file), both Chrome and IE11 keep the zenid parameter after login ... until the very first non-SSL page (e.g. returning home) is accessed. At that point, the zenid disappears and doesn't return for the duration of the session.

[webchills]

I would try to let ENABLE_SSL in the configure on true and only make the html_output changes. And put a .htaccess rewrite rule as described in the configuration here:
https://www.zen-cart.com/showthread....87#post1298387
That fixed it in all stores I know.
If that doesn' t work for you I'm running out of ideas here

[lat9]

Thanks, webchills. Unfortunately, nothing has changed. When I go to the site's main page (using https protocol), there's no zenid added until I click the "Login" button. At that point, the zenid sticks until I navigate to a non-SSL page (like clicking the "Home" link). Once I've gone from SSL->NONSSL after the login, the zenid disappears.

Again, this occurs only on Chrome and IE11, not on FireFox.

[DrByte]

What are all the session settings in your store, under Admin->Configuration->Sessions?

(Don't go messing with them, just report what they are.)

Sometimes certain servers (especially stores running in subdomains) require changing the way the cookie is set.

And sometimes the problem is ONLY a result of a corrupted cookie on your computer, and clearing cookies out of the browser makes the whole problem go away. (Did you recently change/renew SSL certificates or change servers, etc?)

[lat9]

Thanks, DrByte, this is driving me mad! I posted the site's Configuration->Sessions and the PHP session configuration in the first post of this thread. The only thing that's changed from that posting is that I now set the session.use_only_cookies to 0.

The SSL cert's been active for "a while" (not recently changed) and the hosting has been constant for the past year.

I don't tend to use IE11 (unless I have to) or Chrome (except to debug stuff), so there shouldn't be any stale cookies lying about, but I'll reset the cookies on both browsers just to be sure.

It's weird, because there's no stickiness to the zenid when the site's accessed via FireFox.

[pexter]

I had the exact same problem and just found my solution in another thread:

"Change the "Force cookie use" (in Admin > configuration, sessions) from false to true."

Hopefully this saves some time for others