2008/10/17 Ámon Tamás <amont@5net.hu>:
I like to make a little shop, on my website. I like to give possibility to anonymous users to add some products to the cart. In the cart I try to store the user id and the session id (what is give the session_id() function). But the problem is, if a user is logged in the session id is changing. Why? And How can I access the anonymous user session?
If the same session is used before and after login then the site is vulnerable to "session fixation." That's a fancy way to say "someone could steal their account and use it for bad things." You could add a destination to the login form which contains a unique identifier that corresponds to whatever data you need to persist. Regards, Greg -- Greg Knaddison Denver, CO | http://knaddison.com | 303-800-5623 Growing Venture Solutions, LLC | http://growingventuresolutions.com