Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Customers accessing different customer's accounts!


kingbono

Recommended Posts

This has now happened on 3 different installations of osccommerce 2.2.

 

A user goes to log in and automatically is logged into another users account. They can see the other users orders, addresses etc. I've seen them place orders in the wrong accounts and the customers who are seeing this are really starting to complain!

 

I am guessing it is a sessions problem, and I really need a fix.

Link to comment
Share on other sites

Check the last line of your configure.php files and change

 

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

To

 

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

The Knowledge Base is a wonderful thing.

Do you have a problem? Have you checked out Common Problems?

There are many very useful osC Contributions

Are you having trouble with a installed contribution? Have you checked out the support thread found Here

BACKUP BACKUP BACKUP!!! You did backup, right??

Link to comment
Share on other sites

It's almost certainly the Cache feature, using the same tmp folder as sessions do when sessions are stored in files. On a shared server it creates exactly the problem described.

 

If sessions are recorded in search engines then 'Prevent Spider Sessions' needs to be set to 'true' and then you have to wait until the links are updated - nothing you can do about it.

 

Vger

Link to comment
Share on other sites

I changed the prevent spider sessions to True, and I know I need to wait for the site to be reindexed, but it is still happening and I want to try to prevent it...now. It appears that setting check "SSL session ID" to true should check and stop repeats, but it doesn't. It happened again yesterday. Is there another way to not allow 2 users with the same session id?

Link to comment
Share on other sites

  • 2 months later...

I'm currently having the same problem

 

I have:

define('STORE_SESSIONS', 'mysql');

 

and I have "cache" set to "false"

 

Not sure where this 'Prevent Spider Sessions' is located at.

 

The above has been my default setup upon install and this has been happening constantly.

Would it not be possible to change the /tmp/ dir to one that only I can use?

(ie /home/user/public_html/oscommerce/my_tmp/ )

Troy

Link to comment
Share on other sites

  • 1 year later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...