Session_recreate

[Dave224]

What are the implications (if any) of setting SESSION_RECREATE to false? I believe that the session id is changed during account creation if SESSION_RECREATE is set to true.
Thank you!

[mc12345678]

What are the implications (if any) of setting SESSION_RECREATE to false? I believe that the session id is changed during account creation if SESSION_RECREATE is set to true.
Thank you!

When it comes to sessions, typically the other side of the hat is to ask, what is the issue of concern? Use of the default settings should be sufficient. Have they been altered? Is there a reason to try altering them? Etc...

[Dave224]

When it comes to sessions, typically the other side of the hat is to ask, what is the issue of concern? Use of the default settings should be sufficient. Have they been altered? Is there a reason to try altering them? Etc...

The client is sending a second POST request while the first POST request is still processing in create_account.php. When initial POST processing reaches the test on SESSION_RECREATE, the server begins to process the second POST, but since key data has not yet been saved to $_SESSION, namely customer_first_name, customer_last_name, customer_default_address_id, customer_country_id, customer_zone_id, and customers_authorization, several errors occur. First, the customer gets a notice that the email address already exists in the system and is encouraged to log in with that email address. (other customer data such as customer_id, email address, etc are saved in the database and/or in $_SESSION previously.) Since they are trying to create an account, they are left confused. In addition, while trying to display the page, tax rate can't be found since country_id and zone_id are not set.

I have not found the cause of the second POST. Double clicking, multiple clicks, key board shortcuts have all been tried. The only cause I can think of is a momentary client-server communication dropout which would cause the client to resend the POST.

But if SESSION_RECREATE were set false, processing of the first POST would continue uninterrupted through redirect to the create_account_success page, avoiding the problem (hopefully). Another possible solution is to set the five $_SESSION variables before the test on SESSION_RECREATE. The issue does not occur for every account creation, only for a few. I can not recreate the problem on my development system. Relevant code from create_account follows:

Code:

    if (SESSION_RECREATE == 'True') {
      zen_session_recreate();
    }

    $_SESSION['customer_first_name'] = $firstname;
    $_SESSION['customer_last_name'] = $lastname;
    $_SESSION['customer_default_address_id'] = $address_id;
    $_SESSION['customer_country_id'] = $country;
    $_SESSION['customer_zone_id'] = $zone_id;
    $_SESSION['customers_authorization'] = $customers_authorization;

Dave