kingbono Posted December 15, 2004 Posted December 15, 2004 This has now happened on 3 different installations of osccommerce 2.2. A user goes to log in and automatically is logged into another users account. They can see the other users orders, addresses etc. I've seen them place orders in the wrong accounts and the customers who are seeing this are really starting to complain! I am guessing it is a sessions problem, and I really need a fix.
ozcsys Posted December 15, 2004 Posted December 15, 2004 Check the last line of your configure.php files and change define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql' To define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' The Knowledge Base is a wonderful thing. Do you have a problem? Have you checked out Common Problems? There are many very useful osC Contributions Are you having trouble with a installed contribution? Have you checked out the support thread found Here BACKUP BACKUP BACKUP!!! You did backup, right??
kingbono Posted December 15, 2004 Author Posted December 15, 2004 It's already set to that on all 3 sites!!
♥Vger Posted December 15, 2004 Posted December 15, 2004 Under 'Configuration, set Cache --> Use Cache to 'false' The Cache feature is set to use the same tmp folder you use when storing sessions in files. Vger
user99999999 Posted December 15, 2004 Posted December 15, 2004 Maybe you have a hardcoded session link somewhere, your site, forum, email, search engine.
♥Vger Posted December 15, 2004 Posted December 15, 2004 It's almost certainly the Cache feature, using the same tmp folder as sessions do when sessions are stored in files. On a shared server it creates exactly the problem described. If sessions are recorded in search engines then 'Prevent Spider Sessions' needs to be set to 'true' and then you have to wait until the links are updated - nothing you can do about it. Vger
kingbono Posted December 15, 2004 Author Posted December 15, 2004 Thanks for all the advice! Cache was already set to false. Prevent Spider Sessions was false so I switched it to true. I'll no have to wait to be indexed agian, and hopefully not see the problem again.
kingbono Posted December 17, 2004 Author Posted December 17, 2004 I changed the prevent spider sessions to True, and I know I need to wait for the site to be reindexed, but it is still happening and I want to try to prevent it...now. It appears that setting check "SSL session ID" to true should check and stop repeats, but it doesn't. It happened again yesterday. Is there another way to not allow 2 users with the same session id?
osfdeath Posted February 17, 2005 Posted February 17, 2005 I'm currently having the same problem I have: define('STORE_SESSIONS', 'mysql'); and I have "cache" set to "false" Not sure where this 'Prevent Spider Sessions' is located at. The above has been my default setup upon install and this has been happening constantly. Would it not be possible to change the /tmp/ dir to one that only I can use? (ie /home/user/public_html/oscommerce/my_tmp/ ) Troy
mafiouso Posted April 7, 2006 Posted April 7, 2006 im having the same problem, seem people are coming in onto others accounts :(
Guest Posted April 7, 2006 Posted April 7, 2006 try this http://www.oscommerce.com/community/contributions,4112
Recommended Posts
Archived
This topic is now archived and is closed to further replies.