The default configuration of Zen Cart is to store session data in the database, since this allows sessions to work on both SSL and non-SSL pages most easily.
Another optional configuration is to store session data in files on your server, in a folder that's writable by PHP. When you do that, PHP must store a file for EVERY visitor to your site. This session file keeps track of all the settings the visitor has invoked including where they're at on the site and what's in their shopping cart, even what currency they selected. When they're done on your site, or after a timeout period, those files are normally automatically removed by PHP.
If your site is set to store sessions in files but the folder where you've told it to store those files is not writable or doesn't exist, then sessions can't start and logins and shopping can't happen.
Also, if unauthorized persons gain access to those sessions files then you open yourself up to a security risk. So, if you're going to continue using files for session storage, make sure the folder is secured properly and not accessible by web visitors.


Reply With Quote
