kingbono Posted December 15, 2004 Share Posted December 15, 2004 This has now happened on 3 different installations of osccommerce 2.2. A user goes to log in and automatically is logged into another users account. They can see the other users orders, addresses etc. I've seen them place orders in the wrong accounts and the customers who are seeing this are really starting to complain! I am guessing it is a sessions problem, and I really need a fix. Link to comment Share on other sites More sharing options...
♥ozcsys Posted December 15, 2004 Share Posted December 15, 2004 Check the last line of your configure.php files and change define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql' To define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' The Knowledge Base is a wonderful thing. Do you have a problem? Have you checked out Common Problems? There are many very useful osC Contributions Are you having trouble with a installed contribution? Have you checked out the support thread found Here BACKUP BACKUP BACKUP!!! You did backup, right?? Link to comment Share on other sites More sharing options...
kingbono Posted December 15, 2004 Author Share Posted December 15, 2004 It's already set to that on all 3 sites!! Link to comment Share on other sites More sharing options...
♥Vger Posted December 15, 2004 Share Posted December 15, 2004 Under 'Configuration, set Cache --> Use Cache to 'false' The Cache feature is set to use the same tmp folder you use when storing sessions in files. Vger Link to comment Share on other sites More sharing options...
user99999999 Posted December 15, 2004 Share Posted December 15, 2004 Maybe you have a hardcoded session link somewhere, your site, forum, email, search engine. Link to comment Share on other sites More sharing options...
♥Vger Posted December 15, 2004 Share Posted December 15, 2004 It's almost certainly the Cache feature, using the same tmp folder as sessions do when sessions are stored in files. On a shared server it creates exactly the problem described. If sessions are recorded in search engines then 'Prevent Spider Sessions' needs to be set to 'true' and then you have to wait until the links are updated - nothing you can do about it. Vger Link to comment Share on other sites More sharing options...
kingbono Posted December 15, 2004 Author Share Posted December 15, 2004 Thanks for all the advice! Cache was already set to false. Prevent Spider Sessions was false so I switched it to true. I'll no have to wait to be indexed agian, and hopefully not see the problem again. Link to comment Share on other sites More sharing options...
kingbono Posted December 17, 2004 Author Share Posted December 17, 2004 I changed the prevent spider sessions to True, and I know I need to wait for the site to be reindexed, but it is still happening and I want to try to prevent it...now. It appears that setting check "SSL session ID" to true should check and stop repeats, but it doesn't. It happened again yesterday. Is there another way to not allow 2 users with the same session id? Link to comment Share on other sites More sharing options...
osfdeath Posted February 17, 2005 Share Posted February 17, 2005 I'm currently having the same problem I have: define('STORE_SESSIONS', 'mysql'); and I have "cache" set to "false" Not sure where this 'Prevent Spider Sessions' is located at. The above has been my default setup upon install and this has been happening constantly. Would it not be possible to change the /tmp/ dir to one that only I can use? (ie /home/user/public_html/oscommerce/my_tmp/ ) Troy Link to comment Share on other sites More sharing options...
mafiouso Posted April 7, 2006 Share Posted April 7, 2006 im having the same problem, seem people are coming in onto others accounts :( Link to comment Share on other sites More sharing options...
Guest Posted April 7, 2006 Share Posted April 7, 2006 try this http://www.oscommerce.com/community/contributions,4112 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.