Accessing session information (same domain, different directory)

My CS-Cart is installed in a sub directory on my domain (let's say Custom Application Development Software for Business - Salesforce.com), thus all cookie information is accessible only through the Custom Application Development Software for Business - Salesforce.com* urls. I want to be able to display a user's cart information from any other URL on the site (Custom Application Development Software for Business - Salesforce.com for example).



I know that I can query the sessions table if I can get the user's sess_id, but I'm not sure the best practice for doing this. Any ideas? Is it possible to simply save a “cscart_sess_id” cookie to “/” so I can use it to query the DB from any other directory on my domain? If so, where's the best place to add the code?



Thanks in advance.

What I decided to do was add a “cscart_sess_id” cookie to the root directory so I can access it throughout the site. I added this code in the “core/class.session.php” file in the start() function. Next, I query the cs-cart “sessions” table for that sess_id and parse out the “cart|{}” serialized array to grab the current cart data.



Does this sound like the correct way to accomplish what I need? Am I going to run into any issues with what I did?

Guessing… But why wouldn't you just eliminate any directory references from the cookies so they are all domain specific?

[quote name='tbirnseth' timestamp='1318553148' post='123670']

Guessing… But why wouldn't you just eliminate any directory references from the cookies so they are all domain specific?

[/quote]



I thought of doing that, but I wasn't sure what cookie names CS-Cart uses and although it's probably safe, I didn't want to cause any conflicts between cookies.



To do it this way would you just modify the “fn_set_cookie()” function in “fn.common.php?”

I'm guessing the use the registry setting for http_current_location that adds the directory component to either the http or https protocols. You could adjust in fn_set_cookie() and fn_get_coookie() or you could find the specific cookies and adjust their names. Note that if you run a store in a separate directory (not sub-domain) then you will loose the auth separation between them.



Generally, what you're wanting to do is a bad idea unless you have a really good reason for wanting to do so.

All I want to do is report the number of items in the cart and the cart's subtotal on all other pages throughout the site - nothing more. To do this I'm guessing it's best to grab the sess_id and query the appropriate table for the cart['display_subtotal'] and cart['amount'] variables but the problem is, like I stated, that the cookies are being confined to the “/cart” directory.



So I came up with two ways of doing this:


  1. Alter fn_set_cookie() so it saves all cookies to “/” instead of config.current_path. Pros: only one line of code needs to be changed. Cons: Possible confusion between cs-cart cookies and other cookies on the site. Also, not sure of any repercussions this may cause w/ the cart software.


  2. Add some code to set an additional cookie holding the sess_id to “/” whenever a new sess_id is assigned. Pros: Cookie name won't get confused with other cookies for the site. Cons: Not sure the best way to implement this (what file/function should be modified?). Also, could these two sess_id's become out of sync?



    Any thoughts/suggestions? I would think #1 is the best choice and I don't foresee it being a problem. That said, could you explain what you mean by: “Note that if you run a store in a separate directory (not sub-domain) then you will loose the auth separation between them?” Realistically, I don't think I'd want an auth separation between the cart and the rest of the site - ideally for me they're one in the same.

What I meant by my comment is that if you revert to stripping any directory/path elements from the cookie name, that a session started in example.com/index.php and example.com/store/index.php would share the same cookies and therefore changes to one would affect the other.

[quote name='tbirnseth' timestamp='1318660942' post='123741']

What I meant by my comment is that if you revert to stripping any directory/path elements from the cookie name, that a session started in example.com/index.php and example.com/store/index.php would share the same cookies and therefore changes to one would affect the other.

[/quote]



Of course…that's the nature of cookies. At this point I'm just wondering what the best plan of attack is. I'd like to hear some opinions from people more experienced with CS-Cart than I am.

Hello. i am new to cs-cart. and i want a same solution. my cs cart is installed to www.domain.com/store directory and i want to set my session to root directory www.domain.com . my cs cart version is 4.2.



what i have to do for this?

any help would be appreciable…



Thank you.

We are also looking into this solution. I tried to change the cookie path in fn_set_cookie, but it won't change after uploading the files.


return setcookie($var, $value, $expiry, '/');



the cookie still continues to be “/shop” and not “/”. Any ideas on how to fix it?