mike_x_

Reputation: 1929

Is the OpenCart token in the URL the session ID?

In OpenCart I see that URLs look like the one below:

https://www.example.com/admin/index.php?route=common/dashboard&token=Ger45ZJMsdfSSDggHfghI4wcQzbD

Is this token my session ID? If yes, is it secure to pass the session ID in the URL (with or without SSL)?

Upvotes: 2

Views: 2908

Answers (1)

You Old Fool

Reputation: 22960

No, the token parameter is not the session id.

The token parameter is assigned as a session variable by admin/controller/common/login.php when you log in (varies depending on version):

$this->session->data['token'] = md5(mt_rand());

To get the session id you can call:

$this->session->getId();

Which is defined in system/library/session.php. You can clearly see they are two different things.

Upvotes: 7
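
An added sketch, not part of the answer above and not OpenCart's code, of why the URL token is not a session id: the cookie-held session id selects the session, and the token is only a value stored inside it. It assumes each admin request compares the URL token against the session copy; `login()`, `isAuthorized()` and `$store` are hypothetical names, and `random_bytes()` is used in place of the `md5(mt_rand())` shown in the answer.

```php
<?php
// Added illustration; not OpenCart code. $store stands in for server-side
// session storage, keyed by the session id the browser holds in its cookie.
$store = [];

// Hypothetical login helper: creates the session and a separate URL token.
function login(array &$store): array
{
    $sid   = bin2hex(random_bytes(16));   // session id: travels in the cookie
    $token = bin2hex(random_bytes(16));   // URL token: lives in session data
    $store[$sid] = ['user_id' => 1, 'token' => $token];
    return [$sid, $token];
}

// Hypothetical per-request check: the cookie selects the session, and the
// URL token must then match the copy stored inside that session.
function isAuthorized(array $store, ?string $cookieSid, ?string $urlToken): bool
{
    if ($cookieSid === null || !isset($store[$cookieSid])) {
        return false;                     // no session: the token alone is useless
    }
    if ($urlToken === null) {
        return false;                     // session without token: request rejected
    }
    return hash_equals($store[$cookieSid]['token'], $urlToken);
}

[$sid, $token] = login($store);

// Constructed requests covering the cases the question asks about.
$cases = [
    'cookie + token'        => [$sid, $token],
    'token only (from URL)' => [null, $token],
    'cookie only'           => [$sid, null],
    'cookie + wrong token'  => [$sid, str_repeat('0', 32)],
];
foreach ($cases as $label => [$c, $t]) {
    printf("%-22s %s\n", $label, isAuthorized($store, $c, $t) ? 'allowed' : 'denied');
}
var_dump($sid !== $token);                // the two values are unrelated
```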
