View Issue Details

IDProjectCategoryView StatusLast Update
0004409OXID eShop (all versions)4.02. Session handlingpublic2015-12-31 18:13
Reportertomas_liubinas 
PriorityurgentSeveritymajorReproducibilityalways
Status resolvedResolutionunable to reproduce 
Product Version4.6.3 revision 47975 
Target VersionFixed in Version4.6.5 revision 49955 
Summary0004409: Session sharing between subshops with different domains does not work
DescriptionI found no way to share the session between two sub-shops having two different domains. Passing force_sid or sid parameter between 2 domains destroys the session.


Steps To ReproduceYou can test this by adding something to basket or/and logging in as particular user to one of the subshops. Then get the active sesssion id value (sid parameter) and try to pass it to another subshop. At this point session data is lost.
Additional InformationI found this behaviour when debugging the support case:

Customer has a Enterprise Edition 4.5.X with a Mainshop and two Subshops with inherited articles.

Subshop1: http://dev2.subdomain1.com
Subshop2: http://dev2.subdomain2.com

Now he wants to have a shared basket for the two Subshops.
In config.inc.php he has inserted the parameter $this->blMallSharedBasket = 1

But the shared basket do not work. If you are in subshop 1 and put an article in basket and change to the other subshop, the basket is empty.
Tagsshared basket
ThemeBoth
BrowserAll
PHP Versionany
MySQL Versionany

Relationships

related to 0005321 resolvedLinas Kukulskis Loading of articles is not performed in other subshops 
related to 0005424 resolvedaurimas.gladutis Product over the URL is accessible even if product is not assigned to the shop 

Activities

tomas_liubinas

2012-09-05 11:19

reporter   ~0007429

Clsoing as "not a bug". This is what I wrote in the email:

I‘ve spent some time on this bug now. The situation is better than expected. After spending some time I actually achieved session sharing in the standard shop. And made the shared basket working here localy. I‘ve used the lates standard 4.6.

This is what I do:

1. I set up two subshops under two differnt subdomains: http://mnt.eshop and http://mnt.subshop_b , set $this->blMallSharedBasket = 1 config option.
2. As there is no way to share cookie data between different host in order to identify the session you have to pass the URL parameter in order to share the session. The parameter name which works is force_sid.
3. So what I do I add something to basket, take the active session id. (Could be taken from php by echo session_id() or so.) from http://mnt.eshop/ and pass force_sid parameter to another subshop: e.g.: http://mnt.subshop_b/?force_sid=[oldsid]
Now i see the same basket contents in another page.


The problem why it didn‘t work before was that I tried to change shops over the first page, might be it had some cookie collisions then.

One more tip for experimenting: there is another config parameter: „blSessionUseCookies“ which could be set in config.inc.php. you can trie to set it to true and see if it makes any difference.

martinwegele

2013-07-18 18:58

reporter   ~0008929

Do not forget to activate "Allow users from other subshops" in the Mall settings of the master shop (ID 1).