View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007813 | OXID eShop (all versions) | 4.02. Session handling | public | 2025-07-21 14:08 | 2025-07-23 14:23 |
| Reporter | michael_keiluweit | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | new | Resolution | open | ||
| Product Version | 7.3.1 | ||||
| Summary | 0007813: An active ContentCache can lead to a force_sid parameter being added, even if it is explicitly disallowed via disallowForceSessi | ||||
| Description | When the Dynamic Content Cache is enabled, the force_sid parameter may be appended to the URL under certain conditions (e.g., when switching currencies), even if $disallowForceSessionIdInRequest is set to true in config.inc.php. | ||||
| Steps To Reproduce | Reproduced with the SDK - Use a SSL environment - Install EE 7.3 - Activate Dynamic Content Cache - Set the parameter disallowForceSessionIdInRequest in the file config.inc.php to true. - Open the product page Destiny. - Change the currency. - The URL contains the parameter force_sid | ||||
| Additional Information | The method \OxidEsales\EshopEnterprise\Core\Cache\DynamicContent\ContentCache::appendSidPlaceholder may lack an if statement to evaluate the disallowForceSessionIdInRequest parameter. | ||||
| Tags | No tags attached. | ||||
| Theme | Not defined | ||||
| Browser | Not defined | ||||
| PHP Version | Not defined | ||||
| Database Version | Not defined | ||||
