sinopia Posted March 22, 2018 Share Posted March 22, 2018 Well I've set the "Recreate Session" to false and seems to work, is there any security issue about this? I've found this by @Jack_mcs Quote Having the recreate session is not less secure. It's purpose was to change the session ID for checkout in case the session ID became known, which was common in the early history of oscommerce. That is unlikely to happen now as long as you have prevent spiders set to true and you are not using the servers tmp directory (see the cache and sessions settings). The session ID will always appear when first visiting a site and may stick around in old shops. If you install one of the url rewriters (Ultimate SEO or SEO 5), that won't happen. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.