When a client application sends a POST request to the
/cart endpoint to create a new anonymous cart, it may now include a new optional parameter, sessionValidated. By default, the parameter’s value is set to
false. If the value is set to
true, the Cart service validates that the session ID received in any cart request is the same as the session ID stored in the cart. This validation prevents a user who provides only the cart ID from performing any action on an anonymous cart.
This update does not break backward compatibility. If the cart creation request does not include the sessionValidated parameter set to true, the Cart service does not perform the session ID validation and completes the request accordingly.
If you find any information that is unclear or incorrect, please let us know so that we can improve the Dev Portal content.
Use our private help channel. Receive updates over email and contact our specialists directly.
If you need more information about this topic, visit hybris Experts to post your own question and interact with our community and experts.