Question about session id

**yonghs** · 26 Nov 2008, 11:08 AM

Hi,

This is a general question about the id appended to the end of links when we access a Zen Cart site. For example, the Privacy link in the Information sidebox >>>

anydomain.com/index.php?main_page=privacy&zenid=e5cd7ef5a6b6e3a569565915950fb745

If I hard code the links in a sidebox, or add any hard coded links (in the sidebox template file.... the links won't have the id appended to the links anymore. (Sometimes I also hardcode the ezpages top menu links.. so that I can easily make the design to look anyway I want)

Will there be any problems to the operation of the site??

Thanks.

**schoolboy** · 26 Nov 2008, 11:34 AM

You must remove the session ID number from url's you intend to provide as links. This number is generated to identify a specific user and to record their "actions" while on your site.

You should also configure your sessions:

admin>>>sessions>>>prevent sipder sessions (set to TRUE).

**yonghs** · 26 Nov 2008, 11:40 AM

Yes, the hardcoded links are without IDs of course. Was wondering if it's ok if i hardcode links this way? As some system generated links will have ID appended and my hardcoded links will not have the ID.

Also, I don't see how the "prevent sipder sessions" setting is related?

**schoolboy** · 26 Nov 2008, 12:27 PM

Originally Posted by yonghs

Yes, the hardcoded links are without IDs of course. Was wondering if it's ok if i hardcode links this way? As some system generated links will have ID appended and my hardcoded links will not have the ID.

If the link is internal, then you just need the part that starts with "index.php?....."

Originally Posted by yonghs

Also, I don't see how the "prevent sipder sessions" setting is related?

You are correct - not related to the above, but as your post was about session ID's I though this may be a helpful reminder. If a spider trawls your site and indexes the pages, it might grab (and index) the session ID as well.

**yonghs** · 26 Nov 2008, 12:44 PM

Thanks a lot.

The Prevent Spider Session is TRUE by default :)

**DrByte** · 26 Nov 2008, 01:09 PM

WAIT

You should ALWAYS let Zen Cart append the zenid on any URL links it generates to its own ("internal" as referenced earlier) pages.

The zenid parameter is ONLY added by Zen Cart when the visitor's browser has not yet set a cookie to track that session ID. For most people, the 2nd click anywhere on your site causes the zenid parameters to disappear because the cookie has been set and takes over instead. If it doesn't disappear, then the server was unable to set an identifiable cookie in the browser, and thus it knows it needs to keep identifying its connection ... otherwise the customer will not be able to log in.

schoolboy is correct on one point for sure: do not ever post a URL containing a zenid when posting to a forum or into a newsletter or email you plan to send out ... otherwise everyone who clicks it could jump into each other's shopping session, and you'll end up with angry customers.

But hardcoding internal links to never show the zenid is ill-advised.

**schoolboy** · 26 Nov 2008, 01:27 PM

Originally Posted by DrByte

But hardcoding internal links to never show the zenid is ill-advised.

Absolutely... and I should have made myself more clear on this. My advice relates only to internal URL's you may want to "embed" within (for example), your defined pages text, or an ez-page.