Apache or PHP performs a weird redirect when session has expired

Question

I recently started working on an OsCommerce 2.3.1 built system for a company that I work for. They started getting some weird errors though in the error-log. We don't know when these errors began, but they are definitely somehow related to session handling in either PHP or Apache, since there is no redirect being made anywhere else in our code.

Whenever my session has expired and I try to sign in, I get redirected to "example.com/aW5kZXgucGhw" for instance, which is not a valid page, and returns a 404.

How come this happens? Is it trying to append a session key to the URL?

Answer 1

Such redirect is not a standard osCommerce redirect.Session ID is much longer then aW5kZXgucGhw (32 character ) so higher probability its coming from somewhere else, plus session ID whenever in standard osCommerce url is example.com/page.php?osCsid='5abdl9l9tu5ndmcclvrt8267m2 ' something like this.

In osCommerce function tep_redirect($url) in includes/functions/general.php is responsible for redirects.

I suggest you to write some code that will log URL parameter passed to this functions plus a debug backtrace to make out from where this function was called.

If file write code generates a log with value for "url" similar to this URL example.com/aW5kZXgucGhw then you need to look into debug backtrace log part so as to get to the code part that resulted in this redirect call.