Bugs & Feature Requests
Gateways, Merchant Accounts, Bank Accounts, Oh My!
The Foxy forums are on the move!
We're in the process of
moving our forums over to a new system
, and so these forums are now read-only.
If you have a question about your store in the meantime, please don't hesitate to
reach out to us via email
Urgent Issue: PHPSESSID_hash_present
edited August 2012
A client site just started throwing this error in the cart when the Checkout button is pushed. I can duplicated it with 0 qty in the cart, but others are getting this error under normal conditions. The site is losing customers now so this is urgent.
We've replied to the email you sent in - let's continue the discussion there.
Thanks. Yes, i see session_start() being called in a module we've introduced and I suspect that is triggering the URL injection for some users. I can't discern any browser, data, or url pattern that triggers it. It looks like our host may be the culprit.
Is it considered good practice to turn off FoxyCart form validation?
You don't have to have it on for your cart to work, but if you're concerned about customers possibly playing with your add to cart links or forms within the browser, the HMAC encryption is the best way to secure them.