szsupernan Posted June 11, 2011 Share Posted June 11, 2011 hi, I can't understand the following code in application_top.php [i]if (isset($HTTP_POST_VARS[tep_session_name()])) { tep_session_id($HTTP_POST_VARS[tep_session_name()]); } elseif ( ($request_type == 'SSL') && isset($HTTP_GET_VARS[tep_session_name()]) ) { tep_session_id($HTTP_GET_VARS[tep_session_name()]); }[/i] if the cookie is forbidden on web browser, the session id will be transferred by the url parameter. for example: http://www.mysite.com/index.php?osCsid=xx23424dd23432. so the oscommerce should get the session id from $_GET array, not the $_POST. but the above code show us that the application will get the session id from $_POST array firstly. only when the request type is SSL, it will get it from $_GET. I can't understand it. who can explain why? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.