Customers sharing contents in shopping basket

[stevesh]

Is the original customer posting a link with the zenid individually, or is he clicking some sort of Facebook thing on your site ? If the latter, it looks like this strips the zenid:

http://www.zen-cart.com/downloads.php?do=file&id=207

[mtncycling]

Is the original customer posting a link with the zenid individually, or is he clicking some sort of Facebook thing on your site ? If the latter, it looks like this strips the zenid:

http://www.zen-cart.com/downloads.php?do=file&id=207

There is no facebook or social media plugins on the site. They are grabbing the product page url to share with their friends and family. So it seems that when they open that product page url as the first page, it is showing the zenid in the bar.

I know that a member back in 2009 commented that changing the "zenid" to something else like "sesid" would solve it temporarily until another customer uses the new "sesid" in a link. But that was with ZC v1.3.0 and the file structures have changed. I checked the developers toolkit and found 4 files that hardcode the zenid but don't know if changing all of them would make a difference.

Any advice on how to proceed as I have to figure more shop owners are experiencing this. I know that Dr Byte and others have said to not post zenids when linking but I cannot see how customers would know any better.

[gilby]

What version zen-cart?
Other info from the posting tips above (when you reply)?

Check that admin->sessions->Recreate Session is set to true

[mtncycling]

Sorry didn't mean to avoid the posting tips:

Fresh install of ZC v1.50 by using the recommended zc install method and using core ftp to transfer file structure. Mods currently installed are tabbed products pro and stirling grand template. I think the template also came with column layout grid, flexible footer menu and responsive layout 1.0.

Been using 1.50 for the last 10 months with no issues. Everything works perfectly. But as our customer base grows, it is inevitable that customers will want to share our products with others. This is where this particular issue came to my attention as it was unusual for 30 or more emails to get routed with the same concern of "why their shopping baskets were having additional items added".

Under Admin - Sessions I have the following:

Session Directory /home/abtolley/public_html/cache
Cookie Domain True
Force Cookie Use False
Check SSL Session ID False
Check User Agent False
Check IP Address False
Prevent Spider Sessions True
Recreate Session True
IP to Host Conversion Status true
Use root path for cookie path False
Add period prefix to cookie domain True

[mtncycling]

http://www.zen-cart.com/showthread.p...460#post894460

Can someone clarify if the above post in 2010 by Dr byte can be implemented on the front end for customers like it is for search engines. This might solve all future issues when customers post links to my sites.

[mtncycling]

Okay so after some trial and error, I decided to do a replace of all the instances of "zenid" with "sesid"in 4 files. Files inlcuded:

Code:

ipn_main_handler.php
includes/application_top.php
includes/init_includes/init_canonical.php
includes/init_includes/init_sessions.php

I tested it by clicking that facebook link with my zenid and it initially shows as zenid in the url. But on the 2nd click for any link on my site it now updates the session to "sesid" with a new id number. Using 2 browsers each one now has their own cart contents.

I know it is a workaround and wanted to know if any other files need to be modified to reflect the "sesid".

[RodG]

Under Admin - Sessions I have the following:

Force Cookie Use False

Set this to "True".

[mtncycling]

Set this to "True".

Thanks RodG, have done that just now. I remember reading the help topics from above and it was recommended to leave all other session configs as default. But hopefully this helps.

Do you know if this setting overrides the zenid session? What I am asking is as long as the customers are allowing cookies on their browsers, the zenid session will not be used at all? And to follow on that if I am right the only way this problem will show up again is if 2 or more customers who used the link disabled cookies in their browsers?

Alongside that I have reverted back from "sesid" to "zenid" in hopes the forcing cookies fixes the issue. To be honest, it was working fine from I can see with the "sesid" but I don't know if it will affect other site processes. Hopefully one of the zencart devs can chime in on this if the 4 files to replace "zenid" is the only ones needed with no other file or database modifications.

[RodG]

Do you know if this setting overrides the zenid session?

It should do (if I understand its workings correctly). I'm happy if someone corrects me on this though.

What I am asking is as long as the customers are allowing cookies on their browsers, the zenid session will not be used at all?

Correct.
However, this is the downside to setting Force Cookie Use to 'True' because if the customers don't allow cookies this will cause them all sorts of problems.

And to follow on that if I am right the only way this problem will show up again is if 2 or more customers who used the link disabled cookies in their browsers?

The zenid shouldn't show if cookies are enabled (and functioning correctly). The 'force cookie use' will effectively prevent the zenid by forcing cookie use.

Alongside that I have reverted back from "sesid" to "zenid" in hopes the forcing cookies fixes the issue. To be honest, it was working fine from I can see with the "sesid" but I don't know if it will affect other site processes. Hopefully one of the zencart devs can chime in on this if the 4 files to replace "zenid" is the only ones needed with no other file or database modifications.

Changing the 'zenid' to 'sesid' (or anything else) would only be a temporary measure to fix the root cause of the problem anyway. It would only be a matter of time before someone posts links containing their 'sesid' and you'll be back where you started.

It is my understanding that forcing cookie use will prevent the 'xxxId' from being displayed in the URL's in the 1st place. As stated, this will cause problems for those that disable cookies though.

Again, I'm no expert in this aspect of the zencart code, but I'm sure if I'm wrong someone will step in to correct me and/or clarify the issue.

Cheers
RodG

[lhungil]

Thanks RodG, have done that just now. I remember reading the help topics from above and it was recommended to leave all other session configs as default. But hopefully this helps.

Do you know if this setting overrides the zenid session? What I am asking is as long as the customers are allowing cookies on their browsers, the zenid session will not be used at all? And to follow on that if I am right the only way this problem will show up again is if 2 or more customers who used the link disabled cookies in their browsers? ...

Enabling that option forces the zenid to be stored in a cookie instead of placing it on the end of every URL. The first "link" clicked needs to have the ID (to associate the session with the user - and with their shopping cart - etc). After the first "link" all subsequent pages will no longer contain the zenid in the URL. There is a bit more going on in the details and the why, but hopefully this "high level" explanation helps. And yes as you mentioned this requires the customer to not disable cookies (I know of very few people who run with all cookies disabled).