View Issue Details

ID: 0001815
Project: OXID eShop (all versions)
Category: 4.02. Session handling
View Status: public
Last Update: 2010-07-30 10:00
Reporter: sarunas_valaskevicius
Assigned To:
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: Past development
Fixed in Version: 4.4.2 revision 29492
Summary: 0001815: different SSL domain login problems
Description: After logging in, the user is redirected to the shop ssl url. The links to products and other items in this stage are non-ssl.
If sSSLShopURL domain is different from the normal shop domain, then, after going to some non ssl link, the user is not logged in - session id for ssl url is different and is not synchronized to the non-ssl url.

Also, if ssl and non-ssl domains are same, user gets a logout link to ssl if being in the non-ssl page, and to non-ssl if user is in ssl page. (this behaviour should be unified.)

Similar problems should exist (needs to be explicitly checked, as I can only guess now, since different domains for ssl and non-ssl do not work) - the "keep logged in" cookie should be deleted from both ssl and non-ssl domains after logging out.
Tags: No tags attached.
Theme:
Browser: All
PHP Version: any
Database Version: any

Activities

arvydas_vapsva (reporter), 2010-07-30 09:59, ~0003332

"Also, if ssl and non-ssl domains are same, user gets a logout link to ssl if being in the non-ssl page, and to non-ssl if user is in ssl page. (this behaviour should be unified.)" - this must be left as is due to cookie cleanup in case shop uses different hosts for ssl/non ssl
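
Added example (not part of the original report and not OXID's code): a small Python model of host-only browser cookies, showing why a session created on the SSL host is absent on the non-SSL host and why a logout request to one host leaves the other host's "keep logged in" cookie in place. The host names, cookie names and values are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed hosts and cookie names (not OXID's real ones); SSL_HOST stands in for sSSLShopURL.
SHOP_HOST = "shop.example"
SSL_HOST = "secure.example"


class BrowserJar:
    """Browser model: host-only cookies (Set-Cookie without a Domain attribute)."""
    def __init__(self):
        self.store = {}  # (host, cookie name) -> value

    def receive(self, host, set_cookie_headers):
        for header in set_cookie_headers:
            for name, morsel in SimpleCookie(header).items():
                if morsel["max-age"] == "0":
                    # An expiry only removes the cookie stored for this host.
                    self.store.pop((host, name), None)
                else:
                    self.store[(host, name)] = morsel.value

    def cookies_for(self, host):
        return {n: v for (h, n), v in self.store.items() if h == host}


def login(jar, host, remember=False):
    headers = ["sid=abc123; Path=/"]
    if remember:
        headers.append("keep_logged_in=token; Path=/")
    jar.receive(host, headers)


def logout(jar, host):
    jar.receive(host, ["sid=gone; Max-Age=0; Path=/",
                       "keep_logged_in=gone; Max-Age=0; Path=/"])


def is_logged_in(jar, host):
    return "sid" in jar.cookies_for(host)


def leftover_cookies(jar):
    return sorted(f"{h}:{n}" for (h, n) in jar.store)


if __name__ == "__main__":
    jar = BrowserJar()
    login(jar, SSL_HOST, remember=True)
    print(is_logged_in(jar, SSL_HOST), is_logged_in(jar, SHOP_HOST))  # True False
```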