[ic] Parsing of Querystring and security

[Andrew McBeath]

I am just playing / poking round in the depths of interchange...basically
so I am happy that I know how the whole thing works. (I hate having stuff
that I dont know how it works)
This particular question was motivated by the whole dropped shopping carts
and sessions issue...NOTE: I am not asking about how to get this working
etc... I am of the opinion that shared SSL is not the best approach for
Interchange and if it's not going to work why bust your boiler trying to
get it going for the sake of a few bucks...

Anyway, my question is: whereabouts is the querystring (appended by [area]
for example) generated and parsed - in particular where is the id=<session
id> removed / made unavailable.  I found a lot of interesting bits like sub
adjust_cgi() on line 1577 of /bin/interchange and it's callers.  Also many
cool little bits in the /Vend/Session*.pm modules.

The closest I seem to have come the are the bits involving $Vend::FinalPath
although this would appear to me to be after the Querystring /
$CGI::values{id} have been parsed...again mostly interested in the session
id value.

Could somebody point me to the appropriate code to get my wheels moving
again?


Cheers,

Andrew