I get a mail in which I am given a link to an account history page like this:
http://www.mydomain.com/accounthistory.php?order_id=491
Using this I can view the order detail, but when I am logged in to my account and I access the same link copied from the mail I got, I get the page, but I get logged out.
This page is also generally available on my site after login, and the URL is displayed as
http://www.mydomain.com/accounthistory.php?order_id=491&osCsid=v2i9agpobsce2dvlfgi28449j3
Hence, my question is:
If I am logged in to my account and use the link which I got in my mail, i.e.
http://www.mydomain.com/accounthistory.php?order_id=491
what should I do so that I do not get logged out of my account?
After looking at both ways, I found that I need the “osCsid” appended to the URL which I got in my mail. By debugging, I found it to be saved in the session. How can I use it to get this to work?
If your shop system doesn’t use cookies for sessions, carrying the session ID in the URL is in fact the only way to continue the session.
However, putting the session ID into the e-mail is not very elegant. The session ID will become invalid at some point, and it makes the URL long and ugly.
I would consider activating cookie-based authentication for those clients that accept it.
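The cookie-based setup suggested in the answer, sketched as an added example (not part of the original answer and not the shop system's own code): the session ID lives only in a cookie, so the mailed link carries nothing but `order_id` and still lands in the existing login. Assumptions: PHP 7.3 or later, a hypothetical `login.php`, and a hypothetical `$_SESSION['customer_id']` set at login.

```php
<?php
// Added example. login.php and $_SESSION['customer_id'] are assumed names.

// Keep the session ID in a cookie only, never in the URL.
ini_set('session.use_only_cookies', '1'); // ignore IDs passed as ?osCsid=...
ini_set('session.use_trans_sid', '0');    // do not append the ID to links
session_name('osCsid');                   // the name the page shows in its URLs
session_set_cookie_params([
    'lifetime' => 0,      // session cookie, dropped when the browser closes
    'path'     => '/',
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',  // still sent when the link is opened from a mail
    // add 'secure' => true once the shop is served over HTTPS
]);
session_start();

// Link to put into the order mail: the order ID only, no session ID.
function order_mail_link(int $orderId): string
{
    return 'http://www.mydomain.com/accounthistory.php?'
         . http_build_query(['order_id' => $orderId]);
}

// Accept only a positive integer as order_id.
$orderId = filter_input(INPUT_GET, 'order_id', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
if ($orderId === null || $orderId === false) {
    http_response_code(400);
    exit('Invalid order id');
}

if (empty($_SESSION['customer_id'])) {
    // Not logged in: remember the target and send the visitor to the login page.
    $_SESSION['return_to'] = order_mail_link($orderId);
    header('Location: /login.php');
    exit;
}

// Logged in: the cookie continued the existing session, so no logout occurs.
// The order lookup that follows should be limited to this customer's orders.
$customerId = (int) $_SESSION['customer_id'];
echo 'Order ' . $orderId . ' for customer ' . $customerId;
```

With this in place the link from the mail and the link shown after login are the same URL, and an expired session only sends the visitor through the login page instead of breaking the link.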