Hello,

I would like to make a little shop on my website. I would like to give anonymous users the possibility to add some products to the cart. In the cart I try to store the user id and the session id (which the session_id() function gives). But the problem is, if a user is logged in, the session id is changing. Why? And how can I access the anonymous user session?

Ámon Tamás
Site developer and programmer
--
5NET Informatikai Kft.
1062 Budapest, Aradi utca 38. A 3/11
phone: (1) 461-0205 | fax: (1) 461-0206
e-mail: amont@5net.hu | web: http://www.5net.hu

2008/10/17 Ámon Tamás <amont@5net.hu>:
I would like to make a little shop on my website. I would like to give anonymous users the possibility to add some products to the cart. In the cart I try to store the user id and the session id (which the session_id() function gives). But the problem is, if a user is logged in, the session id is changing. Why? And how can I access the anonymous user session?

If the same session is used before and after login then the site is vulnerable to "session fixation." That's a fancy way to say "someone could steal their account and use it for bad things."

You could add a destination to the login form which contains a unique identifier that corresponds to whatever data you need to persist.

Regards,
Greg

--
Greg Knaddison
Denver, CO | http://knaddison.com | 303-800-5623
Growing Venture Solutions, LLC | http://growingventuresolutions.com
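
The exchange above, as an added example that is not part of either message or of any project's code: the cart is keyed by its own random token instead of by session_id(), so the session id can be regenerated at login (the defence against session fixation) without losing the anonymous cart. It assumes plain PHP sessions and keeps the token in session data rather than in the login form destination; the $carts array, the function names and user id 42 are hypothetical stand-ins.

```php
<?php
// Added example: $carts stands in for a database table (constructed data).
$carts = [];   // cart_token => ['uid' => int|null, 'items' => [sku => qty]]

// Return the visitor's cart token, creating a random one on first use.
// The token lives in session data, so it does not depend on session_id().
function cart_token(): string {
    if (empty($_SESSION['cart_token'])) {
        $_SESSION['cart_token'] = bin2hex(random_bytes(16));
    }
    return $_SESSION['cart_token'];
}

function cart_add(array &$carts, string $sku, int $qty): void {
    $token = cart_token();
    $carts[$token]['uid'] = $_SESSION['uid'] ?? null;
    $carts[$token]['items'][$sku] = ($carts[$token]['items'][$sku] ?? 0) + $qty;
}

// Call only after the credentials have been verified.
function login(array &$carts, int $uid): void {
    // Issue a new session id at the privilege change, so an id that was
    // planted or observed before login is useless afterwards.
    // true deletes the old session record.
    session_regenerate_id(true);
    $_SESSION['uid'] = $uid;
    // Session data is carried over to the new id, so the token still
    // resolves the cart that was filled anonymously.
    $token = cart_token();
    if (isset($carts[$token])) {
        $carts[$token]['uid'] = $uid;   // hand the cart to the account
    }
}

session_start();
$before = session_id();
cart_add($carts, 'SKU-1', 2);    // anonymous visitor
login($carts, 42);               // hypothetical user id
$after = session_id();
cart_add($carts, 'SKU-2', 1);    // same cart, now owned by uid 42

printf("session id changed: %s\n", $before !== $after ? 'yes' : 'no');
print_r($carts[cart_token()]);
```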