Tuesday, July 14, 2015

Early Magento Session Instantiation or PHPSESSID in Magento

While working on a security fix in Magento, we came across an unexpected session being created under PHP's default session name, PHPSESSID. After debugging, we found that when the customer session is initialized, no session name is passed. To block PHPSESSID, add an else condition in Mage_Core_Model_Session_Abstract_Varien::start():
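    if (!empty($sessionName)) {
        $this->setSessionName($sessionName);
    } else {
        // No session name was passed: return early so that no session
        // is started under PHP's default name (PHPSESSID).
        return $this;
    }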

The added branch is:

    else { return $this; }

I got the clue from http://alanstorm.com/magento_sessions_early, but in that blog the same change is made at the event level; I did it in the core abstract file itself.
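One way to confirm the change took effect is to audit the response headers for a cookie named PHPSESSID. The script below is an added example, not code from the original post; it assumes the store uses the Magento 1 session names "frontend" and "adminhtml", and the two header blocks are constructed samples.

```python
# Added example: audit raw HTTP response headers for PHP's default session cookie.
from http.cookies import SimpleCookie

DEFAULT_PHP_SESSION = "PHPSESSID"
# Assumption: Magento 1 names its sessions "frontend" and "adminhtml".
EXPECTED_NAMES = {"frontend", "adminhtml"}

# Constructed sample: response before the fix (named session plus stray default one).
BEFORE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: PHPSESSID=constructed0001; path=/
Set-Cookie: frontend=constructed0002; path=/; domain=shop.example.test; HttpOnly
"""

# Constructed sample: response after the fix (only the named session).
AFTER = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: frontend=constructed0003; path=/; domain=shop.example.test; HttpOnly
"""

def set_cookie_names(raw_headers):
    """Return the cookie name from every Set-Cookie line in a raw header block."""
    names = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line or an unrelated header
        jar = SimpleCookie()
        jar.load(value.strip())  # attributes (path, HttpOnly) are not returned as keys
        names.extend(jar.keys())
    return names

def audit(raw_headers):
    """Classify cookies: stray default session, expected named sessions, anything else."""
    names = set_cookie_names(raw_headers)
    return {
        "stray_default": DEFAULT_PHP_SESSION in names,
        "named": sorted(n for n in names if n in EXPECTED_NAMES),
        "other": sorted(n for n in names
                        if n not in EXPECTED_NAMES and n != DEFAULT_PHP_SESSION),
    }

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(sample))
```

Run it against headers captured from the storefront and the admin area; a response that still sets PHPSESSID means some code path is starting a session without a name.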