insideorkut.com

How can I start my own iPage web hosting company?



Got a quick question: How can I start my own iPage web hosting company? Thanks for any comment. My 2nd question... I have been running a very customized version of 2.2 MS 1 for many years.

There has been a lot of trouble with security and I had to manually make improvements.

Now there is a new issue I need serious help with. I need to build all the session and cookie stuff into my MS 1 shops or I need some way to stop the problem where users click on Google links that contain the session ID and then they can see other users' accounts and order in the name of other people.

I found the contribution Spider killer for MS 1 but it relies on register_globals to be on, which I have already modified on my shop to make it compatible with server settings.

What would be the best way to get this problem fixed? Google already has all the session ID links, so most important it would be to stop the impact it has on my busy shops, there are several problems per day where customers see other customers' accounts and place orders in other people's accounts.

Comments (118)

Hmm... I need to find out myself. I don't know what the answer to your question is. I'll do some research in Google and get back to you if I discover anything. You should email the people at iPage as they probably know.

Comment #1

Have you tried the Session Start Mod: http://addons.oscommerce.com/info/2913 ?

I am running MS2 so I can't tell you if it will work, but you could try. It is a pretty quick install, not too complicated. You just have to upload two new files, make 2 changes in application_top, 1 in product_info, 1 in login, 1 in product_listing, and 1 in contact_us. Plus you need an updated robots.txt file at the root. And force cookie use should be set to false in admin.

Also as a separate side note:

If you have trouble with customers being directed to the "cookie usage" page because there is no session (SID killer?) change the part in application_top that says:

    // Shopping cart actions
    if (isset($HTTP_GET_VARS['action'])) {
      // redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled
      if ($session_started == false) {
        tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));
      }

To:

    // Shopping cart actions
    if (isset($HTTP_GET_VARS['action'])) {
      // redirect the customer to the login page if cookies are disabled
      if ($session_started == false) {
        tep_redirect(tep_href_link(FILENAME_LOGIN));
      }

It will direct the customers to login instead of telling them they don't have cookies enabled (because there is no session).

Good luck! Let us know if it works for you.

Blessings,

Krisann

This post has been edited by Shartlesville: 06 September 2008, 22:52.

Comment #2

Sorry, you said Spider Killer, I thought you meant Session ID Killer. You might try that one too, again I don't know if it will work for MS1 or not but you can check it out. :-)

The link is here: http://addons.oscommerce.com/info/952

Good luck!

K.

Comment #3

Shartlesville, I doubt your suggestion would work because my MS 1 version does not have all the "Session" menu in the Admin system, there is no setting to force cookie usage, I don't have all that in the first place.

This is also why the other contributions don't work for my shop. Most contributions are also just to prevent the session IDs from being indexed by the bots, but mine already are indexed and I need a solution to mainly remove the session IDs from the links when people come via the search engine.

I am looking for an installation guide to build all this session and cookie handling into an old MS 1 osCommerce that does not yet have it or alternatively a solution that would work for MS 1 and register_globals off to remove the session ID but only when the customer comes from a link that had one, I can't remove the session IDs completely because in my version I cannot turn them off easily because I am missing all the cookie functionality.

Comment #4

I hope someone can help, but it sure sounds to me like it might be easier and more secure to create a fresh store with an updated version and drop in your database files.

Blessings,

Krisann

Comment #5

Krisann, this shop has been modified for 5 years, it has got so much custom functionality, it would not be easier to create a new shop, it is not just some contributions that could be reinstalled, it has been customized much more than that.

Comment #6

The fix is to add code to the application_top file. That file exists in your version too so there's no reason why the fix wouldn't work. But understand that nothing you do will remove the links from Google. All you can do is issue a 301 for those links, which is what the code does, and wait for Google to remove them. But if someone uses one of the links to get to your site, the code will remove the session ID so that is not a problem. You should also set the Recreate Session option, if it is available in your version.

Jack

Comment #7
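The 301 described in the answer above, sketched as an added example that is not part of the thread and is not the contribution's code. It assumes the session parameter is `osCsid` (as named in the thread), that the shop's host name is known (`shop.example` here is a placeholder), and that a session ID in the URL is accepted only when the Referer is the shop itself; the function name is hypothetical.

```php
<?php
// Added example, not osCommerce or contribution code. 'osCsid' is the parameter
// named in the thread; the function name and the Referer rule are assumptions.

// Returns the clean URL to redirect to with a 301, or null to let the request run.
// A session ID in the URL is honoured only when the click came from our own host.
function sid_redirect_target($requestUri, $shopHost, $referer, $sidName = 'osCsid')
{
    $parts = parse_url($requestUri);
    if ($parts === false || empty($parts['query'])) {
        return null;                          // nothing to strip
    }
    parse_str($parts['query'], $params);
    if (!isset($params[$sidName])) {
        return null;                          // link carries no session ID
    }
    $refHost = $referer !== '' ? parse_url($referer, PHP_URL_HOST) : null;
    if (is_string($refHost) && strcasecmp($refHost, $shopHost) === 0) {
        return null;                          // internal click by a cookieless visitor
    }
    unset($params[$sidName]);                 // external or missing Referer: drop the ID
    $path  = isset($parts['path']) ? $parts['path'] : '/';
    $query = http_build_query($params);
    return $path . ($query !== '' ? '?' . $query : '');
}

// Wiring in application_top.php before the session starts (placement is an assumption):
//   $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
//   $to  = sid_redirect_target($_SERVER['REQUEST_URI'], 'shop.example', $ref);
//   if ($to !== null) { header('Location: ' . $to, true, 301); exit; }

// Constructed sample requests: array(request URI, Referer header).
$samples = array(
    array('/product_info.php?products_id=12&osCsid=abc123', 'https://www.google.com/search?q=shop'),
    array('/product_info.php?products_id=12&osCsid=abc123', ''),
    array('/shopping_cart.php?osCsid=abc123', 'http://shop.example/index.php'),
    array('/index.php?cPath=3', 'https://www.google.com/'),
);
foreach ($samples as $s) {
    $to = sid_redirect_target($s[0], 'shop.example', $s[1]);
    echo $s[0], ' => ', ($to === null ? 'continue' : '301 ' . $to), "\n";
}
```

Because the redirect target carries no session ID, the shop starts a new session for the visitor on the next request. Browsers that suppress the Referer header will cause cookieless visitors to be redirected on internal clicks as well, and regenerating the ID at login with PHP's `session_regenerate_id()` keeps an ID seen before login from carrying into the account.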

I am already using mod_rewrite to stop the search engines from visiting any links again that contain the osCsid.

Which part of the code added to the application_top file would remove the osCsid and then still allow a new one to be created for the user's session? I don't have Recreate Session? And I also don't have $spider_flag.

Comment #8

The code is in that thread. You just have to copy it.

Jack

Comment #9

I can't use most of it, I looked at the code, most of it is doing the 302 stuff that I already do with mod_rewrite, the rest relies on variables I don't have, I can't find the part that would remove just the osCsid and then re-create a new session, I couldn't get it to work so far.

Comment #10

I don't have an MS1 shop any longer so I can't compare the code but the spiders code from MS2 can be copied and used in an MS1 shop. There used to be either a contribution or a bug report that explained how to do that. I don't have a link to either though, if they still exist.

Jack

Comment #11


Have already reviewed this thread along with all others I could find relating to the problem.

Unfortunately the suggestions all apply to 2.2 MS2 and the only fix for MS 1 is not register_globals off compatible.

Comment #13


This question was taken from a support group/message board and re-posted here so others can learn from it.