0

I get a mail in which I am given a link to an account history page like this:

http://www.mydomain.com/accounthistory.php?order_id=491

Using this I can view the order details, but when I am logged in to my account and access the same link, copied from the mail I got, I get the page but I get logged out.

This page is also generally available on my site after login, and the URL is displayed as

http://www.mydomain.com/accounthistory.php?order_id=491&osCsid=v2i9agpobsce2dvlfgi28449j3

Hence, my question is:

If I am logged in to my account and using the link which I got in my mail, i.e.

http://www.mydomain.com/accounthistory.php?order_id=491

what should I do so that I do not get logged out of my account?

After looking at both ways, I found that I need the "osCsid" appended to the URL which I got in my mail. And by debugging I found it to be saved in the session. How can I use it to make this work?

Smi
OM The Eternity

1 Answer

3

If your shop system doesn't use cookies for sessions, carrying the session ID in the URL is in fact the only way to continue the session.

However, putting the session ID into the e-mail is not very elegant. The session ID will become invalid at some point, and it makes the URL long and ugly.

I would consider activating cookie-based authentication for those clients that accept it.

Pekka
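
The cookie-based approach recommended in the answer, as an added example (not part of the original answer and not the shop system's own code): with the session ID in a cookie, the plain link from the mail keeps the user logged in, and old links that still carry osCsid are redirected to a clean URL. It assumes PHP 7.3 or later and the session name osCsid from the question's URL; `customer_id` and `/login.php` are hypothetical names.

```php
<?php
// Added example. Assumes PHP >= 7.3 and the session name "osCsid"
// taken from the URL shown in the question.

// Take the session ID from a cookie only; never read it from or write it into URLs.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue

session_name('osCsid');
session_set_cookie_params([
    'lifetime' => 0,      // session cookie, discarded when the browser closes
    'path'     => '/',
    'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',  // still sent when a link in a mail is followed
]);
session_start();

// Old links may still carry ?osCsid=...; strip it and redirect so the ID
// does not stay in browser history, server logs or Referer headers.
if (isset($_GET['osCsid'])) {
    $params = $_GET;
    unset($params['osCsid']);

    // Keep exactly one leading slash so a path such as "//host/x" cannot
    // turn the redirect into a protocol-relative jump to another site.
    $path  = '/' . ltrim((string) strtok($_SERVER['REQUEST_URI'], '?'), '/');
    $query = http_build_query($params);

    header('Location: ' . $path . ($query !== '' ? '?' . $query : ''), true, 302);
    exit;
}

// Hypothetical login check for accounthistory.php: "customer_id" and
// "/login.php" are assumed names, not taken from the page.
if (empty($_SESSION['customer_id'])) {
    header('Location: /login.php', true, 302);
    exit;
}

// The order ID from the mailed link, e.g. accounthistory.php?order_id=491
$orderId = filter_input(INPUT_GET, 'order_id', FILTER_VALIDATE_INT);
```

`SameSite=Lax` is the setting that matters for the question: the cookie is sent on a top-level GET navigation, which is what following a link from a mail is, so the URL needs no session parameter.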