osCommerce

security issue?


kteller8


Posted

OK, every once in a while I can go to my site and it shows me logged in. Well, the problem is it's someone else.

 

Today I got an order; payment was PayPal and it was from Chris xxxx.

 

Well, the admin page showed the order to Jay xxxx.

 

What can I do to fix this, and how can it keep a cookie or some kind of history for someone who never logged in on the site?

Posted

In /catalog/configure.php set the session type to mysql.

Posted
  define('USE_PCONNECT', 'true'); // use persistent connections?

  define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

?>

 

 

Is that what you're talking about there?

 

 

What should it look like after I fix it?

 

define('STORE_SESSIONS', 'mysql');

Posted

Put in the 'mysql'

 

and it still does it.

 

I just went to my site and I was logged in as Jeff Chan, a customer of mine?

Posted

Both of your configure.php files should look like this:

define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

The_Bear

Posted

OK, I went and set it to false, the only thing I didn't have done.

 

 

Very noticeable: when I was walking a customer through via AIM and they went to pay, it had someone else's name/account there!

2 weeks later...
Posted

Anyone else? I had a customer today say he went to the site and was already logged in as someone else. He had the chance to order and change all his address info!

Posted

This can also happen if the link someone used to enter the site has a session ID (osCsid) already in it. You should take care not to keep links containing session IDs around.

 

There are options under Configuration..Sessions in admin to do some validation of sessions, but at least the one based on IP will fail for some legitimate users, I have found.

Posted
How can I control if they link session IDs?

 

Title / Value

Session Directory: /tmp
Force Cookie Use: False
Check SSL Session ID: False
Check User Agent: False
Check IP Address: False
Prevent Spider Sessions: True
Recreate Session: True

Session Directory: If sessions are file based, store them in this directory. (Date Added: 01/13/2004)

This is how I have my current admin.
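The two things the thread turns on, a session ID travelling in a shared link (the earlier post about osCsid in URLs) and the admin Sessions settings shown in the last post, map onto a handful of PHP-level controls. The following is an added example and not osCommerce's own code (osCommerce of that era ran on PHP 4 with its own session layer); it assumes PHP 7.3 or later and an HTTPS storefront, and the function names (strip_session_id, start_hardened_session, login_customer, logout_customer) are hypothetical. It shows the equivalent of "Force Cookie Use", "Check User Agent" and "Recreate Session" in code, and deliberately leaves out IP binding for the reason given in the earlier post.

```php
<?php
// Added example, not osCommerce code. Assumes PHP 7.3+ and HTTPS.
// Function names below are hypothetical.

// Name of the session cookie / URL parameter; osCommerce calls it osCsid.
const SESSION_NAME = 'osCsid';

// Remove the session ID parameter from a URL so the link can be mailed,
// bookmarked or posted without handing the session to whoever follows it.
// Scheme and host are preserved if the input was an absolute URL.
function strip_session_id(string $url): string
{
    $parts = parse_url($url);
    if ($parts === false) {
        return '/';
    }
    parse_str($parts['query'] ?? '', $query);
    unset($query[SESSION_NAME]);

    $clean = '';
    if (isset($parts['scheme'], $parts['host'])) {
        $clean = $parts['scheme'] . '://' . $parts['host']
               . (isset($parts['port']) ? ':' . $parts['port'] : '');
    }
    $clean .= $parts['path'] ?? '/';
    if ($query !== []) {
        $clean .= '?' . http_build_query($query);
    }
    if (isset($parts['fragment'])) {
        $clean .= '#' . $parts['fragment'];
    }
    return $clean;
}

// Equivalent of "Force Cookie Use = True" plus "Check User Agent = True":
// the ID is only ever read from the cookie, never from ?osCsid=..., and a
// session whose User-Agent changes is thrown away. IP binding is omitted:
// it breaks legitimate users behind rotating proxies.
function start_hardened_session(): void
{
    ini_set('session.use_only_cookies', '1');  // ignore IDs in the URL
    ini_set('session.use_trans_sid', '0');     // never rewrite links to carry the ID
    ini_set('session.use_strict_mode', '1');   // reject IDs the server never issued
    session_name(SESSION_NAME);
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    // A stale link still carrying osCsid: PHP already ignored it above, so
    // redirect to the clean URL so it does not get copied any further.
    if (isset($_GET[SESSION_NAME])) {
        header('Location: ' . strip_session_id($_SERVER['REQUEST_URI']), true, 302);
        exit;
    }

    $ua = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    if (isset($_SESSION['ua_hash']) && !hash_equals($_SESSION['ua_hash'], $ua)) {
        $_SESSION = [];               // somebody else's data: drop it
        session_regenerate_id(true);  // and the ID that pointed at it
    }
    $_SESSION['ua_hash'] = $ua;
}

// Equivalent of "Recreate Session = True", applied where it matters most:
// a pre-login ID (fixed by an attacker or shared in a link) never becomes
// an authenticated one.
function login_customer(int $customer_id): void
{
    session_regenerate_id(true);
    $_SESSION['customer_id'] = $customer_id;
}

function logout_customer(): void
{
    $_SESSION = [];
    session_destroy();
}

// Call once at the top of every request, before any output is sent.
start_hardened_session();
```

The one-line answer to "how can I control if they link session IDs" is the first two ini_set calls: with session.use_only_cookies on and session.use_trans_sid off, a visitor who arrives via a link containing osCsid simply gets a fresh session of their own instead of the link owner's. The redirect afterwards is cosmetic but stops the bad link being copied again. The User-Agent check is a weak binding (any client can send any User-Agent string) and is there to catch accidental sharing, not a determined attacker; regenerating the ID at login is the control that actually closes session fixation.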
