Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Shopping cart problems... Please Help!


Guest

Recommended Posts

Looks like there may be a ID Session problem on my site, but I'm not sure of this. So let me explain what is happening.

 

A customer contacted me today saying that he was able to see another customers details and what that customer was buying even though he was logged into his own account.

 

He said he deleted everything out of his cart logged out of my site and logged back in thinking maybe it was just a simple hickup. So while he was logged back in and browsing my site he said two more items appeared in his cart in which it was items he had not even looked at ever.

 

I've email the person who works on the site for me to let them know of this and to look into it right away due to privacy issues being the major factor.

 

But I would like to know more on this problem myself so I'm hoping that a few of you here will be able to shed some light on what is possibly going on, where to look for the problem, and if possible how to resolve the problem.

 

A SSL cert was recently installed on my site, which I would think may cause problems of this sort since it deals with customer information at time of checkout.

 

thanks,

Joe

Link to comment
Share on other sites

So is this something that can be resolved within the site files in the configuration on the server or is it going to be a hosting issue that has to be resolved by my website hosting company?

 

Thanks for your quick reply. Please tolerate my stupidity in matters like this. But if I don't ask I may never know the answers.

 

One of 3 things may cause this:

 

Using a cache in a shared directory on a shared host

Storing sessions in a shared directory on a shared host

Inbound links containing the session ID in the URL

Link to comment
Share on other sites

For 1: If you aren't using a cache (either the one that comes as standard in OSC, or a contribution), then you don't need to worry. You can turn the standard caching on or off in the Admin. I would recommend that if you want caching, you turn this off and istall one of Chemo's caching contributions, which allows the cache files to be stored in the database.

 

For 2: Either make sure you are storing session files in a non-shared directory, or look for :

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

 

At the bottom of your configure.php file and make sure it has mysql like above

 

For 3: Not a lot you can do, apart from make sure that if your store is currently displaying the sessionID in the URL that you fix it ASAP - the old inbound links will probably get dropped eventually.

 

Aditionally, make sure you have "prevent spider sessions" turned on in Admin, and get a recent spiders.txt file - that way, when the bots come, they won't index your store with session IDs in the URLs.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...