Hello,
I like to make a little shop, on my website. I like to give possibility to anonymous users to add some products to the cart. In the cart I try to store the user id and the session id (what is give the session_id() function). But the problem is, if a user is logged in the session id is changing. Why? And How can I access the anonymous user session?
Ámon Tamás Sitefejlesztő és programozó
2008/10/17 Ámon Tamás amont@5net.hu:
I like to make a little shop, on my website. I like to give possibility to anonymous users to add some products to the cart. In the cart I try to store the user id and the session id (what is give the session_id() function). But the problem is, if a user is logged in the session id is changing. Why? And How can I access the anonymous user session?
If the same session is used before and after login then the site is vulnerable to "session fixation." That's a fancy way to say "someone could steal their account and use it for bad things."
You could add a destination to the login form which contains a unique identifier that corresponds to whatever data you need to persist.
Regards, Greg
-
Greg Knaddison - GVS -
Ámon Tamás