I would like to ask what is the good practice for session page:
Here is my setup:
Session Directory /tmp
Force Cookie Use False
Check SSL Session ID True
Check User Agent True
Check IP Address True
Prevent Spider Sessions True
Recreate Session True
The reason why I have this setup because the oscid show up in the URL, if the user check out and send the URL to another user (Let said User B), User B can view all the address information just simply click the link.
My temporary solution is setup the session page like above. It is partially working. However, now, whenever people send the URL, it will go to login page regarding if she is login or not.
Is there any way I can do the following:
1) If it is not checkout, I can still send the URL and share the product information
2) If it is checkout, I want to have login page show up when I pass the URL to protect the user privacy.
Any advice is welcome.