Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

one question about session code without cookie


szsupernan

Recommended Posts

hi,

I can't understand the following code in application_top.php

[i]if (isset($HTTP_POST_VARS[tep_session_name()])) {
tep_session_id($HTTP_POST_VARS[tep_session_name()]);
} elseif ( ($request_type == 'SSL') && isset($HTTP_GET_VARS[tep_session_name()]) ) {
tep_session_id($HTTP_GET_VARS[tep_session_name()]);
}[/i]

 

if the cookie is forbidden on web browser, the session id will be transferred by the url parameter. for example: http://www.mysite.com/index.php?osCsid=xx23424dd23432. so the oscommerce should get the session id from $_GET array, not the $_POST.

but the above code show us that the application will get the session id from $_POST array firstly. only when the request type is SSL, it will get it from $_GET.

I can't understand it. who can explain why?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...