Originally Posted by
czemel
Hi,
Thanks for the reply.
>set Recreate Session False to true
If I do this then I am concerned I will get the original issue (that was resolved when switching Recreate Sessions to false) where some people were getting logged out of their cart during the checkout process.
>sounds like you have a url posted out there somewhere with a session ID ( >zenid ) attached to it
Lets assume you were correct. Here's a question for you. If User A posts a link on the internet with the session ID. If User C then clicks on that link can s/he then possibly see account info for User B or just User A. If its just user A, then I am 100% positive this didn't happen. If User C could see User B info (or any other user for that matter), then it would be impossible to know for sure and I would seriously be concerned about the security in general.
Any input would be great...
Thanks.
Bookmarks