We are having problems with losing our session when going from a non-ssl page to an ssl page using oscommerce. We also lose our session just being a guest and adding items to the shopping cart. In both instances you can place an item in your cart and then go to check out and it shows that you do not have any items in your cart - sometimes it will even log you out and send you back to the main page as guest but then when you go back to a ssl page (even without logging in) it brings your account info back up and sometimes you have items in your cart and other times there is still nothing in your cart.

Things we have done:

Per powweb we have added our own sessions folder under htdocs plus placed a php.ini file that points to that sessions folder

Per the forums on powweb we have:
1. made sure that the "register_globals = on" in the php.ini file

2. we have made the following changes to the includes/configure.php file

define('HTTP_SERVER', 'http://replacementradios.com');
define('HTTPS_SERVER','https://replacementradioscom.secure.powweb.com');
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'replacementradios.com');
define('HTTPS_COOKIE_DOMAIN','replacementradioscom .secure.powweb.com');
define('HTTP_COOKIE_PATH', '/ecomm/catalog/');
define('HTTPS_COOKIE_PATH', '/ecomm/catalog/');
define('DIR_WS_HTTP_CATALOG', '/ecomm/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/ecomm/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES .'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES .'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG','/www/r/e/replacementradios.com/htdocs/ecomm/catalog/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

Any thoughts or ideas of what we have missed or something else that we need to change? Thanks in advance for any help.

Do you have Force Cookie Use set to True in admin? If so, set it to False. You can't use that with shared SSL.

Thanks stevel. That did the trick. I appreciate your help.

Kru,

I'm having the exact same problem that you described. I've all that you've mentioned in your original post except for the "Per powweb we have added our own sessions folder under htdocs plus placed a php.ini file that points to that sessions folder" part. What exactly do I need to do there?

BTW: I'm still using the xxxx.temp.powweb.com url.

Hey!!!! it works now. All I did was prefix the site url with www. and all is good so far!

define('HTTP_SERVER', 'http://www.mysite.temp.powweb.com');
define('HTTPS_SERVER', 'https://www.mysite.secure.powweb.com');
define('HTTP_COOKIE_DOMAIN', 'www.mysite.temp.powweb.com');
define('HTTPS_COOKIE_DOMAIN' 'www.mysite.secure.powweb.com');

That doesn't look right to me. The HTTP_xxx entries should be your own domain name and not a temp.powweb.com. The HTTPS_xxx entries should not start with www.

I also recommend setting STORE_SESSIONS to 'mysql' in the two configure.php files.

I do have the STORE_SESSIONS set to 'mysql'.

As for the temp URL I agree. It's that I just signed up and my domain name transfer is not completed yet but I wanted to get the site installed anyway.

This is what I have in my configure.php

define('HTTP_SERVER', 'http://mysite.temp.powweb.com');
define('HTTPS_SERVER', 'https://mysite.secure.powweb.com');
define('HTTP_COOKIE_DOMAIN', 'www.mysite.temp.powweb.com');
define('HTTPS_COOKIE_DOMAIN', 'www.mysite.secure.powweb.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');

If I remove the www. in the xx_COOKIE_DOMAIN entries I loose my cart when going from SSL to non-SSL.

My mistake on the last post, I do not have www. in the xxx_SERVER entries.

Where can I get the information regarding "Per powweb we have added our own sessions folder under htdocs plus placed a php.ini file that points to that sessions folder" posted by Kru?

OK, I found the php.ini file the tutorial section. Not sure what to change though!

Don't fiddle with php.ini - you don't need it.

I'm astonished that removing the www causes the session to be lost, but hey, if it works, it works.