  1. #1
    Join Date
    Nov 2005
    Location
    los angeles
    Posts
    2,041
    Plugin Contributions
    5

    Default trying to understand SESSION_FORCE_COOKIE_USE

    i have read a bunch on this, and i am still trying to understand this config value.

    allow me to give an example, i'm creating a new script that will add a particular product to a cart; and then bring the user to the shopping cart page. this link would be used in a marketing email. however, if SESSION_FORCE_COOKIE_USE is set to TRUE, it will not work, as the session only gets set on the 2nd click on a particular site. the code is from here:

    includes/init_includes/init_sessions.php

    PHP Code:
    if (SESSION_FORCE_COOKIE_USE == 'True') {
      // Send a test cookie; setcookie() only queues the header on this response.
      setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $path, (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''), $secureFlag);

      // Start the session only if the browser sent the test cookie back on this request.
      if (isset($_COOKIE['cookie_test'])) {
        zen_session_start();
        $session_started = true;
      }
    setcookie returns true or false (not indicative of whether the user accepts the cookie, just that it was properly set). but we choose not to use that return value. so that it is only on the 2nd click that the session gets started assuming that the user has accepted the cookie.

    now, if a user decides to not accept cookies, that is one thing. if you do not accept cookies, i think you are limited in your shopping experience that one can do.

    now there also seems to be some code if this value is set to FALSE, and you have different domains for your NON SSL site v your SSL site; ie http://mysite.com and https://www.mysite.com, ZC will append the session id to the url as a _GET var.

    my question is what is the real implication of setting this var to False? and what is the point of waiting to see if the user has accepted the cookie in order that we start the session?

    thanks in advance.
    help with WCAG is now here! PM if you want some help with this. (or any ZC issue).
    if you feel so inclined, feel free to send some cake....

  2. #2
    Join Date
    Jul 2012
    Posts
    16,024
    Plugin Contributions
    17

    Default Re: trying to understand SESSION_FORCE_COOKIE_USE

    So to be clear, default setting is false.
    When false, a session is "maintained" by whatever means necessary basically. Basically attempt to set a cookie, if not successful then retain the session on the url.

    Impact? When set to false, spiders can be (though don't have to be) filtered by the information they provide. The session is started out right and later as urls are generated, the session info is added to the url provided that as described some characteristics are met where it may be expected that the session id would change.

    As to the pause on the cookie aspect, I see it as how can one claim that the session information is being tracked by a cookie and therefore that when forcing cookie usage that it is in use if one doesn't first validate that the cookie is being used? Until then, there are a few pages that can't directly be visited because after all need some sort of session.

    My 2 cents.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  3. #3
    Join Date
    Jan 2004
    Posts
    66,350
    Blog Entries
    7
    Plugin Contributions
    271

    Default Re: trying to understand SESSION_FORCE_COOKIE_USE

    Quote Originally Posted by carlwhat View Post
    i'm creating a new script that will add a particular product to a cart; and then bring the user to the shopping cart page. this link would be used in a marketing email
    It feels like you're over-complicating things.
    Why do you need a new script?

    In a fresh install, simply calling example.com/index.php?main_page=any_valid_page&action=buy_now&products_id=168 will add the item to the cart and go to the shopping-cart page.

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  4. #4
    Join Date
    Nov 2005
    Location
    los angeles
    Posts
    2,041
    Plugin Contributions
    5

    Default Re: trying to understand SESSION_FORCE_COOKIE_USE

    Quote Originally Posted by DrByte View Post
    It feels like you're over-complicating things.
    Why do you need a new script?

    In a fresh install, simply calling example.com/index.php?main_page=any_valid_page&action=buy_now&products_id=168 will add the item to the cart and go to the shopping-cart page.
    ok, allow me to back up a bit.

    • it's not a new script.
    • the site has moved to a new server.
    • the script worked on the old server.
    • it's not working on the new server.
    • i tracked my initial problem down to sessions.
    • i did not know/think about the link that you generated/created (learn something new every day).
    • the link you provided is doing the exact same behavior (a bug that i am trying to fix) as my script.
    • once your url link is constructed, if you paste the url into a browser window, it works fine.
    • if you click the link from an email, you get to the shopping cart and there is nothing there.
    • i have tested using http: and https:; both links demonstrate the same behavior. the site is completely https.
    • it suggests to me a problem with the server config.


    i'm open to suggestions....

    thanks in advance.

  5. #5
    Join Date
    Nov 2005
    Location
    los angeles
    Posts
    2,041
    Plugin Contributions
    5

    Default Re: trying to understand SESSION_FORCE_COOKIE_USE

    i am making some headway, but it still gets quite confusing. i have shortened the link as such:

    mysite.com/shopping_cart?action=buy_now&products_id=11922

    when i look at the sessions table, i now have the following data (security token removed and sesskey truncated):

    Code:
    -------->22g1tbpufd1gt7qq4.....<--------- 2020-07-11 09:07:45
    securityToken|s:32:"...";customers_host_address|s:35:"cpe-172-117-255-16.socal.res.rr.com";cartID|s:0:"";cart|O:12:"shoppingCart":13:{s:8:"contents";a:1:{i:11922;a:1:{s:3:"qty";d:1;}}s:5:"total";i:0;s:6:"weight";i:0;s:6:"cartID";s:5:"27217";s:12:"content_type";b:0;s:18:"free_shipping_item";i:0;s:20:"free_shipping_weight";i:0;s:19:"free_shipping_price";i:0;s:14:"download_count";i:0;s:22:"total_before_discounts";i:0;s:22:"display_debug_messages";b:0;s:23:"flag_duplicate_msgs_set";b:0;s:32:"flag_duplicate_quantity_msgs_set";b:0;}check_valid|s:4:"true";navigation|O:17:"navigationHistory":2:{s:4:"path";a:1:{i:0;a:4:{s:4:"page";s:13:"shopping_cart";s:4:"mode";s:3:"SSL";s:3:"get";a:2:{s:6:"action";s:7:"buy_now";s:11:"products_id";s:5:"11922";}s:4:"post";a:0:{}}}s:8:"snapshot";a:0:{}}language|s:7:"english";languages_id|s:1:"1";languages_code|s:2:"en";layoutType|s:6:"legacy";currency|s:3:"USD";new_products_id_in_cart|s:5:"11922";analytics|a:2:{s:6:"action";s:11:"Add to Cart";s:4:"item";a:6:{s:9:"productID";i:11922;s:11:"productName";s:20:"2010 Chateau Hosanna";s:8:"category";s:19:"Bordeaux Red";s:5:"brand";s:15:"Chateau Hosanna";s:10:"productQTY";i:1;s:7:"variant";s:3:"n/a";}}
    
    
    -------->dsg59kfhre9uq3c68i....<--------- 2020-07-11 09:07:45
    securityToken|s:32:"...";customers_host_address|s:35:"cpe-172-117-255-16.socal.res.rr.com";cartID|s:0:"";cart|O:12:"shoppingCart":12:{s:8:"contents";a:0:{}s:5:"total";i:0;s:6:"weight";i:0;s:12:"content_type";b:0;s:18:"free_shipping_item";i:0;s:20:"free_shipping_weight";i:0;s:19:"free_shipping_price";i:0;s:14:"download_count";i:0;s:22:"total_before_discounts";i:0;s:22:"display_debug_messages";b:0;s:23:"flag_duplicate_msgs_set";b:0;s:32:"flag_duplicate_quantity_msgs_set";b:0;}check_valid|s:4:"true";navigation|O:17:"navigationHistory":2:{s:4:"path";a:1:{i:0;a:4:{s:4:"page";s:13:"shopping_cart";s:4:"mode";s:3:"SSL";s:3:"get";a:0:{}s:4:"post";a:0:{}}}s:8:"snapshot";a:0:{}}language|s:7:"english";languages_id|s:1:"1";languages_code|s:2:"en";layoutType|s:6:"legacy";currency|s:3:"USD";today_is|s:10:"2020-07-11";updateExpirations|b:1;session_counter|b:1;customers_ip_address|s:14:"172.117.255.16";valid_to_checkout|b:1;cart_errors|s:0:"";
    the first session has the shopping cart. but the browser now has the second session key as the zenid cookie. so a new session is getting created after the item is added to the cart. and i'm trying to figure out how/why.

    appreciate any help.

  6. #6
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,881
    Blog Entries
    2
    Plugin Contributions
    2

    Default Re: trying to understand SESSION_FORCE_COOKIE_USE

    One of the main reasons that SESSION_FORCE_COOKIE_USE fails is some incorrect server configuration.
    Usually a mismatch between your website's domain and its actual host address.

    You say that the code you are working on runs fine without SESSION_FORCE_COOKIE_USE.
    Do you see a zenid in your urls?
    Can you use a browser tool (such as Firefox web developer storage inspector) to examine any cookies that Zen Cart is setting/trying to set?
    Look at the Cookie Domain and Cookie Path. Do the settings make sense for your site?

  7. #7
    Join Date
    Nov 2005
    Location
    los angeles
    Posts
    2,041
    Plugin Contributions
    5

    Default Re: trying to understand SESSION_FORCE_COOKIE_USE

    Quote Originally Posted by wilt View Post
    One of the main reasons that SESSION_FORCE_COOKIE_USE fails is some incorrect server configuration.
    Usually a mismatch between your website's domain and its actual host address.

    You say that the code you are working on runs fine without SESSION_FORCE_COOKIE_USE.
    Do you see a zenid in your urls?
    Can you use a browser tool (such as Firefox web developer storage inspector) to examine any cookies that Zen Cart is setting/trying to set?
    Look at the Cookie Domain and Cookie Path. Do the settings make sense for your site?
    wilt,
    thanks for taking a look.

    here's what i have so far:

    • SESSION_FORCE_COOKIE_USE is set to false
    • pretty sure the problem does not lie there
    • there are 2 sessions getting created and inserted into the sessions table for 1 click of the link.
    • session.auto_start is set to false; plus i see there are ZC auto start warnings that are not getting triggered.
    • the zenid is not in the url.
    • when i examine the cookies, the cookie domain looks ok. there is no www; and it starts with a period. but the server is configured to route all www traffic to mydomain.com. plus the link is mydomain.com.
    • all of the cookie paths are set to a single slash (/).
    • not really sure what you mean by a mismatch between the websites domain and actual host address. are you suggesting a dns problem? a hostname problem? not sure how the host name would be a problem. i host multiple domains on this server. my test server has 5 different virtual hosts; that server does not exhibit the same behavior.
    • if you could be clearer, i can explore and let you know.


    thanks again for the help.

    best.

  8. #8
    Join Date
    Jan 2004
    Posts
    66,350
    Blog Entries
    7
    Plugin Contributions
    271

    Default Re: trying to understand SESSION_FORCE_COOKIE_USE

    Quote Originally Posted by carlwhat View Post
    • not really sure what you mean by a mismatch between the websites domain and actual host address.
    eg: HTTP_SERVER = example.com
    but server vhost = www.example.com

  9. #9
    Join Date
    Nov 2005
    Location
    los angeles
    Posts
    2,041
    Plugin Contributions
    5

    Default Re: trying to understand SESSION_FORCE_COOKIE_USE

    from zc configure file:

    Code:
    define('HTTP_SERVER', 'https://example.com');
    define('HTTPS_SERVER', 'https://example.com');
    from /etc/apache2/sites-available files:

    Code:
    ServerName  example.com
    ServerAlias  www.example.com
    the above is the same for the non vhost on port 80 as well as the vhost on port 443.

  10. #10
    Join Date
    Nov 2005
    Location
    los angeles
    Posts
    2,041
    Plugin Contributions
    5

    Default Re: trying to understand SESSION_FORCE_COOKIE_USE

    i think i have finally solved this problem.

    the server enforced a samesite setting of strict on the cookies. changing this setting to Lax resolved the issue.

    again, thanks for the help. it was appreciated.

    best.
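
The symptoms reported across this thread (two session rows for one click, an empty cart from the email link, a working cart when the URL is pasted) modelled as an added example; it is not Zen Cart code or code from any poster, and every function and name in it is constructed for illustration. It assumes the buy_now request answers with a redirect to the shopping-cart page, and that the browser treats every hop of a navigation started from another site as cross-site.

```javascript
// Constructed model, not Zen Cart code: all names here are hypothetical.
// Browser rule for a top-level GET navigation: a SameSite=Strict cookie is
// withheld when the navigation (including its redirect hops) started on another site.
function browserSendsCookie(sameSite, startedCrossSite) {
  return !startedCrossSite || sameSite !== 'Strict';
}

// Minimal store: buy_now adds to the cart and redirects to the cart page.
function makeServer(sameSite) {
  const sessions = new Map();
  function handle(query, cookieId) {
    let id = cookieId, setCookie = null;
    if (!id || !sessions.has(id)) {            // no usable cookie: new session row
      id = 'sess' + (sessions.size + 1);
      sessions.set(id, { cart: [] });
      setCookie = { name: 'zenid', value: id, sameSite };
    }
    if (query.action === 'buy_now') {
      sessions.get(id).cart.push(query.products_id);
      return { status: 302, location: '/shopping_cart', setCookie };
    }
    return { status: 200, cart: sessions.get(id).cart, setCookie };
  }
  return { handle, sessions };
}

// Follow the link the way a browser would, keeping one zenid cookie in the jar.
function clickLink(sameSite, startedCrossSite) {
  const server = makeServer(sameSite);
  let jar = null, res;
  let query = { action: 'buy_now', products_id: '11922' };
  for (let hop = 0; hop < 5; hop++) {
    const send = jar !== null && browserSendsCookie(jar.sameSite, startedCrossSite);
    res = server.handle(query, send ? jar.value : null);
    if (res.setCookie) jar = res.setCookie;    // a newer Set-Cookie replaces the old one
    if (res.status !== 302) break;
    query = {};                                // redirected request carries no action
  }
  return { sessionRows: server.sessions.size, cart: res.cart, cookie: jar.value };
}

console.log('email link, Strict:', clickLink('Strict', true));
console.log('email link, Lax:   ', clickLink('Lax', true));
console.log('pasted URL, Strict:', clickLink('Strict', false));
```

With Lax the cookie is attached to cross-site top-level GET navigations, which is what lets the email link work; it also means state-changing GET actions get no protection from SameSite and need their own checks.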

 

 