Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

Fun with customer address mix-up!


Recommended Posts

Ok, sit down, cuz this is a strange problem. :)


I've got a client running multiple shops of osC (localized for different products available from different branches worldwide). The shops are all running on the same server (under different directories) and the same MySQL DB server (using different databases).


They are having a problem with one of the shops (the USA branch), where a few customers have complained that they are about to complete an order when they see that the billing address belongs to someone else entirely.


Additionally, the person listed in the billing address is not registered as a customer with the webshop.


Initially I thought this was just a fraud, using a stolen credit card and address, etc etc. However the fact that the customers have complained about this bug tells me it's not.


Anyway, shop sessions are - and always have been - stored in the DB, not as files, so I doubt it has to do with that. It just seems that somehow, under certain circumstances, when a customer registers (or tries to), their address information gets shunted to the billing address of another customer, and they don't get registered.


All help greatly appreciated. :)

Link to comment
Share on other sites

even tho sessions is set to store in the db, something is most likely pointing to /tmp what i would do is create a tmp directory in each sites path (so they are all separate) and anywhere in the admin point them to the correct location

Link to comment
Share on other sites

Would these site-specific tmp directories have any problem working if they were under the /admin directory (/admin/tmp/), which is .htaccess password protected? My guess is no, since AFAIK .htaccess only limits http access, right?


Also, where is the setting to define an alternate tmp folder? under the admin panel, or is it in a .php file somewhere?

Link to comment
Share on other sites

example document root path:

/home/domain1/public_html thus i would put the tmp at /home/domain1/tmp



Link to comment
Share on other sites

Regardless of where you store session information, if you have any inbound links containing the session ID and do not cofigure your settings correctly you can have problems.

You _must_ always recreate the session when moving to a https area - make sure this option is set in admin.

Also make sure you have "prevent spider sessions" set on and your spiders.txt file is up to date.




Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...