Such redirect is not a standard osCommerce redirect.Session ID is much longer then aW5kZXgucGhw (32 character ) so higher probability its coming from somewhere else, plus session ID whenever in standard osCommerce url is example.com/page.php?osCsid='5abdl9l9tu5ndmcclvrt8267m2 ' something like this.
In osCommerce function tep_redirect($url) in includes/functions/general.php is responsible for redirects.
I suggest you to write some code that will log URL parameter passed to this functions plus a debug backtrace to make out from where this function was called.
If file write code generates a log with value for "url" similar to this URL example.com/aW5kZXgucGhw then you need to look into debug backtrace log part so as to get to the code part that resulted in this redirect call.