osCommerce Watch

There are plenty of ways to create problems with an osCommerce store by not understanding implications of a particular setting. Some problems will only appear in an intermittent way, making it harder to diagnose and fix. Hopefully this helps someone avoid tweaking settings that can cause problems, and will help others solve problems with their store.

In the Configuration section of the osCommerce admin area are a group of settings related to "Sessions". An easy way to break certain user's access to your site is to set "Check IP Address" to "True".

Certain ISPs (including one major US ISP), may change the IP address of their customer over the course of a session. In particular their IP address may change when they visit a page on your site requiring SSL to view. Enabling the check on IP will effectively log them out.

This setting can create problems with users being logged out in a seemingly random way, or having problems with their shopping cart contents disappearing, or being unable to log in to the store. These are all potential symptoms of lost sessions.

Some of the other settings here can cause predictable problems if enabled. Make sure you or your developer understand what they are for before enabling. Setting everything to "true" does not necessarily create a more secure store.