PDA

View Full Version : Security Awareness - Zencart Stores



HollyS
12-30-2006, 11:41 AM
I've been on a couple of blogs lately where I've clicked on a link or image to someone's store only to find out that that link contains something it should never...the part of the url that reads &zenid=awer09-0712w344848602345 (or some weird string). It's very innocent to be in a store and want to copy the url and give it someone so they can go visit it. BUT...here's the problem if you include that part of the url that begins with "zenid=". This is a session id and when multiple users click the link with this is in it close in time, they all could potentially share the same session and potentially the same user account. NOT GOOD.

FYI, we haven't been the victim of this...just taking precautions with all users.

beany
12-30-2006, 12:57 PM
Thanks for the heads up :)

steph
12-30-2006, 02:52 PM
Thanks Holly... that would be a small nasty if it did happen... thanks for the head up!

okblues
01-01-2007, 10:30 AM
Thanks Holly. That isn't a good thing to happen.