Aptcode Design
Home arrow Help Articles arrow osCsid link danger!
osCsid link danger! PDF Print E-mail

One of the worst traps you can fall into when working on your store is creating a link with an attached osCsid parameter.

First what is an osCsid parameter?

This is an identifying string of numbers and characters that is intended to identify each unique customer as they navigate around your store.

It is supposed to be an alternative to using a "Cookie" that would be placed in a customers computer - as some browsers block cookies for security reasons.

An osCsid is placed at the end of an URL and looks something like this:-

checkout_shipping.php?osCsid=cf40fff4084289bbf2fb49613c97d2aa 

Note that the script that would show in that example is the "checkout_shipping.php" section of the URL but an osCsid could be found or used in almost any store URL and while it may not be shown in the browser URL field on every page, the osCsid value will be passed from page to page identifying the customer.

The actual osCsid in this example is  osCsid=cf40fff4084289bbf2fb49613c97d2aa

A "?" was also added at the start to make it work as a "parameter" to the script (checkout_shipping.php)

So why is copying a URL and pasting it somewhere in your store DANGEROUS if it still has an osCsid attached?

Quite simply if more than one person clicks on that link whilst browsing the site at the same time, then they will be seen by the store software as being the same shopper!

That means their shopping baskets will get mixed together and they will share the same user account - a big security risk.

What makes things even worse is when a search engine like Google stores a URL with an osCsid attached - so when people click on such a link returned by a Google search they will be affected immediately. It can be hard clearing such bad URLs from Google and you can lose a lot of orders and customers when things go wrong.

So whenever you copy a URL from your store to paste elsewhere ALWAYS CUT THE OSCSID PART OUT OF IT!

Bad URL:

 checkout_shipping.php?osCsid=cf40fff4084289bbf2fb49613c97d2aa

Clean URL

checkout_shipping.php

Note the ?osCsid=cf40fff4084289bbf2fb49613c97d2aa part has been edited out from the URL.

 
 
< Prev   Next >
[ Back ]
© 2010 Aptcode Design
Na bean don chat gun lamhainn
JoomlaWatch Stats 1.2.9 by Matej Koval