Opencart cart across multiple stores with different subdomains - session

Hi have a single opencart install setup with several stores with different subdomains (all under the same domain). I want customers to be able to put items in the cart on one site, then move onto the next and put in more or even subtract, till eventually a customer checkouts out on any store. Note products might appear in one store but not another.
I notice opencart does this somewhat. ie it will bring products already in the cart to the next store but only if the products appear in both stores. Further if a customer then deletes one of the items and moves back to the same store, they product reappears.
First Problem seems to firstly be products in the cart are being displayed through what i guess is a query that selects products by store_id. I have had a hard look to see if i can find anything but am at a loss.
Second problem seems to be with the contents of the session. I am still learning php and am a bit confused of how to even attempt to modify how the session works.
Can anyone please provide some guidance on how i can go about fixing/changing this.

OpenCart stores all these information in you PHP session. Since your stores are located under different subdomains, the PHP session changes when you switch from one store to another.
So the first thing you need to do is to share the session between all subdomains. By default, PHP uses the 'PHPSESSID' cookie to propagate session data across multiple pages, and by default it uses the current top-level domain and subdomain in the cookie declaration.
Example: www.domain.com
The downside to this is that the session data can't travel with you to other subdomains. So if you started a session on www.domain.com, the session data would become unavailable on forums.domain.com. The solution is to change the domain PHP uses when it sets the 'PHPSESSID' cookie.
Assuming you have an init file that you include at the top of every PHP page, you can use the ini_set() function. Just add this to the top of your init page:
ini_set('session.cookie_domain',
substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
This line of code takes the domain and lops off the subdomain.
Example: forums.domain.com -> .domain.com
Now, every time PHP sets the 'PHPSESSID' cookie, the cookie will be available to all subdomains!
You might also need to make some little modifications to the OpenCart's core in order to make it work.
Have fun :)

After Tohids help I have the following solution, hopefully it helps others. I added the cookie_domain code line to the session.php file and also added or changed the cookie name wherever the setcookie function was used to cover the currency and language cookies.
open \system\session.php
find;
ini_set('session.use_cookies', 'On');
ini_set('session.use_trans_sid', 'Off');
insert after;
ini_set('session.cookie_domain', substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
open \index.php
find;
if (!isset($request->cookie['language']) || $request->cookie['language'] != $code) {
setcookie('language', $code, time() + 60 * 60 * 24 * 30, '/', $request->server['HTTP_HOST']);
}
replace with;
if (!isset($request->cookie['language']) || $request->cookie['language'] != $code) {
setcookie('language', $code, time() + 60 * 60 * 24 * 30, '/', substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
}
find;
if (isset($request->get['tracking']) && !isset($request->cookie['tracking'])) {
setcookie('tracking', $request->get['tracking'], time() + 3600 * 24 * 1000, '/');
}
replace with;
if (isset($request->get['tracking']) && !isset($request->cookie['tracking'])) {
setcookie('tracking', $request->get['tracking'], time() + 3600 * 24 * 1000, '/', substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
}
open system\currency.php
find;
if (!isset($this->request->cookie['currency']) || ($this->request->cookie['currency'] != $currency)) {
setcookie('currency', $currency, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
}
replace with;
if (!isset($this->request->cookie['currency']) || ($this->request->cookie['currency'] != $currency)) {
setcookie('currency', $currency, time() + 60 * 60 * 24 * 30, '/', substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
}

Very Easy Solution! Share the login session across the subdomains
OPEN FILE: system/library/session.php
FIND LINE: session_set_cookie_params(0, '/');
APPEND : session_set_cookie_params(0, '/','.DOMAIN.COM);
Make sure to include the period "." before DOMAIN.COM
That's it... Now login sessions started on www.domain.com is shared with www.sub.domain.com

Related

laravel 6 csrf token expired in every 60 seconds?

I am using laravel 6.I Want my laravel CSRF Token expire in every 60 seconds.
config/session
'lifetime' => 60,
First of All, CSRF is stored in XSRF-TOKEN cookie. Ref: 50904763
According to the question (Ref: 51615122), We change the configuration in app/Http/Middleware/VerifyCsrfToken.php by adding a new method named addCookieToResponse
use Symfony\Component\HttpFoundation\Cookie;
public function addCookieToResponse($request, $response) {
$config = config('session');
$session_life = env('CSRF_LIFE');
$response->headers->setCookie(
new Cookie(
'XSRF-TOKEN', $request->session()->token(), $this->availableAt($session_life),
$config['path'], $config['domain'], $config['secure'], false, false, $config['same_site'] ?? null
)
);
}
where $config is used to get session information from existing lifetime. However, I parse $session_life from .env to make sure you can customize as much as you can.
So, the result is simple, configure everything as belongs but in area $this->availableAt($session_life) where session_life is in seconds.
So, please set session_life to 60 in .env as below:
CSRF_LIFE="60"
After you save and refresh your page, or clean cache and configs, Session LifeTime will be two hours but CSRF will be only 60 secs.
Hope this works.
After long testing I end up something, that you put in the lifetime option in session not allow to set expire time in seconds, it'll allow to minutes.
So, when you set up liftime = "60", it's means it will expire in 1 hour.
Hence, You have to set liftime = "1" in your config/session.pph file. Also, default value in .env file SESSION_LIFETIME=120 you have to replace that with 1 SESSION_LIFETIME = 1.
After that you have to clear the cache by command:-
php artisan config:cache
Now, your session will expire after 1 minute / 60 seconds.
To see more check this question.

Code Not Working For Old Users After Website Migration

We have a website vehicle search page and over a week ago we migrated to a new hosting provider.
All old users who are revisting and some select users don't see any results on our search however when utilising dd on the collection of products it shows the correct count however the list of results are not part of the collection.
If we use incognito or flush our dns, chrome cache and local cache we can see the results properly.
I can provide the code pieces in question if required, however wondering if anyone has had this issue before.
Thanks
We have done the following;
Flushed the cache and cookie via code in the controller
localstorage refresh with jquery
localsession refresh with jquery
updated all versions on style sheets and javascript to refresh them
ran composer update to see if that helps
Cleared every inch of cache via laravel commands on the server ,application cache, views, routes, configs
new key
change cache clearance in htaccess
changed from Public to no-store in htaccess
The following 3 worked however not ideal as we can't utilise this on customers machines;
Flushed chrome cache via browser
Flushed dns via cmd line
Icognito
This is the part of code that retrieves and makes up the collection;
$products = $this->product->search($data, $page->id, 24, $type, $userlatLon);
This function is the following;
public function search($data, $pageId, $productsPerPage, $type, $userlatLon)
{
if($pageId == 1536){
unset($data['images']);
}
$sortArray = self::sortArray();
$avaiableFilters = self::avaliableFiltersArray();
$types = self::determineTypeFromGivenInt($type);
$select = 'products.url, products.id, products.registration_date, products.created_at as in_stock_date, products.location_code, products.type, products.special_order, products.price, products.sale_price, products.make, products.model,
products.derivative, products.mileage, products.live_until, products.model_year, products.year, products.times_viewed_in_the_last_week, products.transmission, products.tax_cost, products.fuel_type, our_title, our_description, i.our_src_440, f.term, f.first_payment, f.id as finance_id,
no_of_regular_payments, monthy_payments, final_payment, cash_price, cash_deposit, engine_size_formatted, total_deposit, amount_of_credit, total_charge_for_credit, total_amount_payable, products.plus_vat, products.attention_grabber,
apr, l.friendly_name as location_name, l.url as location_url, l.gmaps_url as gmaps, l.address_1, l.town, l.city, l.postcode, l.telephone, if(sale_price > 0 AND sale_price < (price - 100) , 1 , 0) as reduced';
!!!MORE QUERYING IS HERE!!!
if ($type == 4) {
$products = $products->has('pdfRecord')->groupBy('products.make', 'products.model')->paginate($productsPerPage, ['products.url']);
} else {
$products = $products->groupBy('products.id')->paginate($productsPerPage, ['products.url']);
}
return $products;
}
The expected results should be all products showing like a normal user sees.
However the collection returns 648 results but non of the results are part of the collection

How to disable all visitors cookies in Joomla 3.x

I'm trying to disable all visitor cookies for my Joomla website.
I found some tutorials, but they are for Joomla version:1.x
Any suggestions?
The solution is very similar to solution to remove cookies in Joomla version 1.x and 2.x. So we will use the same condition and principle.
If you change this two files then maybe something other will not work. Change this only if you know what are you doing and if you know that will everyting else work. Because you can break the whole website!
You must edit two files /libraries/src/Application/CMSApplication.php and libraries/joomla/session/handler/native.php
In libraries/src/Application/CMSApplication.php change code around line 166 and add if condition for whole code in method if (substr($_SERVER['SCRIPT_NAME'] , 0 , 14) == "/administrator"){
public function checkSession()
{
if (substr($_SERVER['SCRIPT_NAME'] , 0 , 14) == "/administrator"){ // added condition
$db = \JFactory::getDbo();
$session = \JFactory::getSession();
$user = \JFactory::getUser();
// ... rest of code
}
}
In libraries/joomla/session/handler/native.php change code around line 229 add if condition for whole code in method like in previous file
private function doSessionStart()
{
if (substr($_SERVER['SCRIPT_NAME'] , 0 , 14) == "/administrator"){ // added condition
// Register our function as shutdown method, so we can manipulate it
register_shutdown_function(array($this, 'save'));
// ... rest of code
}
}
This works in Joomla 3.8.2
Note: after every Joomla update you must edit this two files again and test if this solution still works.
Set the cookie-path "/administrator" in the Admin Joomla Settings (System => Configuration).
Then the session cookies are created only for the admin area.
To avoid all cookies for normal visitors, you need to follow the below steps.
First of all: Deactivate site statistics! Global configuration -> Statistics -> Statistics: No. This will stop the "mosvisitor" cookie.
Don't use the Template Chooser module, because it uses a cookie named "jos_user_template".
Be careful with components: Some might start their own PHP session.
Now to the main point: comment out line 697 of /includes/joomla.php like this:
// setcookie( $sessionCookieName, '-', false, '/' );
Additional: Comment out line 25 in /offline.php:
// session_start();
This seams to be an artifact of old versions.

The session id is too long or contains illegal characters in Laravel 4

I installed Laravel 4.0 and got this error
ErrorException
SessionHandler::read(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'
return (bool) $this->handler->close();
}
/**
* {#inheritdoc}
/
public function read($id)
{
return (string) $this->handler->read($id);
}
/*
Do you have Laravel 3 installed on the same machine? By default, Laravel 4 uses the same session cookie name (as Laravel 3), now found in /app/config/session.php file. Simply change:
'cookie' => 'laravel_session',
to, e.g.
'cookie' => 'laravel_session_4',
and refresh browser. All should work now.
It could be that you have a corrupt cookie. Try clearing cookies in your browser.
Take a look at this discussion: https://stackoverflow.com/a/16318456/1563189
Especially:
How do you end up with illegal characters in PHPSESSID in the first place? Aren't they generated by PHP automatically? – Lèse majesté Jul 6 '10 at 11:57
They are, but a cookie that links you to a generated session id is client side. If that cookie changes to an invalid format (somebody is trying to exploit something) PHP will notice it. – Aleksey Korzun Sep 6 '11 at 19:56
There is a bug report for this problem (https://bugs.php.net/bug.php?id=68063)
You can check the success of your session_start and generate the id if needed:
$ok = #session_start();
if(!$ok){
session_regenerate_id(true); // replace the Session ID
session_start();
}

Does anyone know what is the 32 character string before the product image filename in Magento?

I ask this question, since I am trying to get the images I have just copied from Domain A to work in Domain B, (which is using the same database).
http://DOMAIN_A/magento/media/catalog/product/cache/1/image/9df78eab33525d08d6e5fb8d27136e95/b/0/b0041-1.jpg
I think knowing what the 32 character string is, which help me find a good explanation why the images are not being found in the front or backend of Magento after reinstall on DOMAIN B.
RE: Magento version 1.4.0.1
Here's the code that creates that filename path, found in Mage_Catalog_Model_Product_Image:
// build new filename (most important params)
$path = array(
Mage::getSingleton('catalog/product_media_config')->getBaseMediaPath(),
'cache',
Mage::app()->getStore()->getId(),
$path[] = $this->getDestinationSubdir()
);
if((!empty($this->_width)) || (!empty($this->_height)))
$path[] = "{$this->_width}x{$this->_height}";
// add misk params as a hash
$miscParams = array(
($this->_keepAspectRatio ? '' : 'non') . 'proportional',
($this->_keepFrame ? '' : 'no') . 'frame',
($this->_keepTransparency ? '' : 'no') . 'transparency',
($this->_constrainOnly ? 'do' : 'not') . 'constrainonly',
$this->_rgbToString($this->_backgroundColor),
'angle' . $this->_angle,
'quality' . $this->_quality
);
// if has watermark add watermark params to hash
if ($this->getWatermarkFile()) {
$miscParams[] = $this->getWatermarkFile();
$miscParams[] = $this->getWatermarkImageOpacity();
$miscParams[] = $this->getWatermarkPosition();
$miscParams[] = $this->getWatermarkWidth();
$miscParams[] = $this->getWatermarkHeigth();
}
$path[] = md5(implode('_', $miscParams));
// append prepared filename
$this->_newFile = implode('/', $path) . $file; // the $file contains heading slash
So, the hash is generated from the configuration info (aspect ratio, etc), as well as the watermark info. This information will not usually change. However, I do see that the path is partially generated from the store_id of the current store, so your trouble may be there.
Is there a reason you can't let Magento use its normal caching procedures for both stores? Since Magento checks the filesystem for the cached image, there shouldn't be a conflict.
Hope that helps!
Thanks,
Joe
Upon contemplation, are you just trying to get the catalog images to work in both domains? The non-cached version of the catalog images are at %magento%/media/catalog/product. Copy the directories from that location and your catalog images should work.
Moving over the cached images isn't going to go far, since they will be deleted next time you flush the Magento cache. So, having moved the images that are in /media/catalog/product, flush the Magento image cache. Make sure that the file permissions are correct for reading. Then, head into Mage_Catalog_Model_Product_Image and take a look at the following code (approx line 270):
if ($file) {
// add these for debugging
Mage::log($baseDir.$file);
Mage::log(file_exists($baseDir.$file));
Mage::log($this->checkMemory($baseDir.$file));
if ((!file_exists($baseDir . $file)) || !$this->_checkMemory($baseDir . $file)) {
$file = null;
}
}
Add a var_dump or Mage::log statement in there (depending on whether you have logging enabled), and verify that the path to the images is correct, and that you have enough memory for the operation. This is the code that will choose the default image for you if no image path exists. If you still can't get it, post the output of those three logging statements and we'll keep trying. :)

Resources