Guest
Posted September 24, 2005

Noticed a bug in my site. I log in and go to checkout. Then I get to checkout_shipping.php with the session string. I remove the session key so it just shows ?osCsid= and then hit enter. I am now officially a different registered customer. All info is someone else's now. The system is accessing a different customer_id now.
AlanR
Posted September 24, 2005

If you're carrying the session id in the url your cookie setup is wrong.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux
Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
Guest
Posted September 24, 2005

> If you're carrying the session id in the url your cookie setup is wrong.

OK, thanks. What should I set these to on a shared server?

Session Directory = /tmp
Force Cookie Use = True
Check SSL Session ID = False
Check User Agent = False
Check IP Address = False
Prevent Spider Sessions = False
Recreate Session = False
Recreate Session = False
Guest
Posted September 24, 2005

> If you're carrying the session id in the url your cookie setup is wrong.

It looks like I need to turn my SSL on and install my cert to force cookies to work? Is this correct?
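Added example, not part of any post in this thread and not osCommerce's own code: a PHP session bootstrap that keeps the session ID out of URLs, as the reply above advises, rejects an empty or malformed ID such as the bare ?osCsid= from the first post, and issues a new ID at login (the idea behind the "Recreate Session" setting). The function names are hypothetical; it assumes PHP 7.3 or later and the session name osCsid seen in the URL above.

```php
<?php
// Added example (hypothetical helper names), not osCommerce code.
const SESSION_NAME = 'osCsid'; // session name taken from the URL in the thread

// Accept only values shaped like PHP-generated session IDs.
// An empty string, as in "?osCsid=", never matches.
function is_valid_session_id($id): bool
{
    return is_string($id) && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id) === 1;
}

function start_cookie_only_session(): void
{
    // Never read the session ID from, or write it into, a URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Reject IDs that the server did not create itself.
    ini_set('session.use_strict_mode', '1');

    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_name(SESSION_NAME);
    session_set_cookie_params([
        'path'     => '/',
        'secure'   => $https,   // cookie is sent over TLS only when the site uses it
        'httponly' => true,     // not readable from page scripts
        'samesite' => 'Lax',
    ]);

    // Drop an empty or malformed cookie value so PHP issues a fresh ID
    // instead of every such request landing in one shared session.
    if (isset($_COOKIE[SESSION_NAME]) && !is_valid_session_id($_COOKIE[SESSION_NAME])) {
        unset($_COOKIE[SESSION_NAME]);
    }
    session_start();
}

// Call after the password check succeeds: new ID, old session data deleted,
// so an ID seen before login is useless afterwards.
function on_login(int $customerId): void
{
    session_regenerate_id(true);
    $_SESSION['customer_id'] = $customerId;
}

start_cookie_only_session();
```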
This topic is now archived and is closed to further replies.