Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

customer shopping carts getting merged


sheffler

Recommended Posts

Hi,

i am running a single instance of osc with non-shared ssl. sessions are running through mysql, and session configs are all set to false except 1) prevent spiders from creating a session=TRUE, and 2) recreate session=TRUE. i have a checkout with registering contribution installed. search engine safe urls = FALSE.

 

I am having an intermittent problem where it looks like some customers are checking out and their orders are getting placed under a previous customer's account. additionally, some first time customers have reported that they are finding items already in the shopping cart while they are trying to add their first item.

 

sound familiar? i have found others with this problem but the solution seems to be things that i am already doing (using mysql sessions, turning off most of the sessions configurations, etc)

 

i also realize that sessions can be shared/hijacked if the url containing the oscID is transferred, copied, or emailed, but after doing a cursory check of some search engines, i cannot find an instance of a url containing the session id and the customers experiencing these issues have told me that they are not using a link sent to them from someone that has already started to use the site.

 

the problem is intermittent and i have not experienced the problem myself but i can clearly see evidence of it in the database.

 

any advice would be greatly appreciated.

 

regards,

chris sheffler

Link to comment
Share on other sites

most likely you are on a shared server where other oscommerce sites are AND you didnt set the tmp file location listed in the admin logging/sessions menu. create a tmp directory in your own path, not just /tmp as the default is but yours, ie /home/user/tmp

also set store sessions to mysql

Link to comment
Share on other sites

thanks for the reply.

 

yes, the site is hosted on a shared server. and yes, the default sessions dir was set to /tmp. i just corrected this as per your suggestion, BUT i am actually storing sessions in mysql. if this is the case, does it matter where the default sessions directory is? isnt this config on if you are storing sessions as files?

 

most likely you are on a shared server where other oscommerce sites are AND you didnt set the tmp file location listed in the admin logging/sessions menu.  create a tmp directory in your own path, not just /tmp as the default is but yours, ie /home/user/tmp

also set store sessions to mysql

Link to comment
Share on other sites

but after doing a cursory check of some search engines

 

There are around 20 or so 'major' search engines, but in all they come to thousands, and to check if even the major ones show URL's with old session numbers you'd have to know which SE the customer used, and the exact search term and parameters they typed in.

 

Vger

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...