Davey Posted October 1, 2005 Posted October 1, 2005 Hi We have been running a shop online for six years and using the great oscommerce for three years - but never had this problem before. We have two orders for the same product - nothing new there - all paid - again nothing new. BUT then we receive the following email - could this be possible? :o ==================== Note: this confirmation was sent to me in error! My correct order confirmation was number <snip> I was contacted by phone by <snip>, who originated this order, who told me that my address and other details came up on the web page as he was entering his order and he unintentionally confirmed the order without noticing that the address was incorrect. I think that no harm has been done in this case, but there is clearly a problem with your web site if one customer’s (my) details are visible during a second customer’s transaction. Presumably <snip> was only able to phone me because my phone number also appeared on his order form? ======================== I do not have any details for the second customer (he may have rang the office and left a message - I am at home), I presume that PSP SecureTrading will flag once they see the second payment is not the cardholders address. Any help would be great. TIA David
♥Vger Posted October 1, 2005 Posted October 1, 2005 In your osC admin panel under Configuration --> Cache, set Use Cache to false. Then in your osCommerce configure.php files on the last line, make it read 'mysql' where indicated, thus storing sessions in the database and not in files. Also make sure that you have Prevent Spider Sessions set to true, under Configuration --> Sessions. If people are coming to your site from search engine links which already contain the same session id then you should set Recreate Session to true also. Vger
Davey Posted October 1, 2005 Author Posted October 1, 2005 Hey Vger Thank you so much for your quick responce, I thought it was a hoax at first. Kind Regards David
Davey Posted October 3, 2005 Author Posted October 3, 2005 In your osC admin panel under Configuration --> Cache, set Use Cache to false. Thanks already set to false Then in your osCommerce configure.php files on the last line, make it read 'mysql' where indicated, thus storing sessions in the database and not in files. Also make sure that you have Prevent Spider Sessions set to true, under Configuration --> Sessions. If people are coming to your site from search engine links which already contain the same session id then you should set Recreate Session to true also. Vger I can't find how to set the sessions - not in config. I expect this is what I need to do as the same item was ordered within 3 mins and the second customer said that the first customers details appeared. Not very safe! TIA again for your help. Regards David
Guest Posted October 3, 2005 Posted October 3, 2005 catalog\includes\configure.php Make sure you have this line in: define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
Davey Posted October 3, 2005 Author Posted October 3, 2005 Thanks enigma1 I understood that but it's this bit I can't find: Also make sure that you have Prevent Spider Sessions set to true, under Configuration --> Sessions. Regards David
Guest Posted October 3, 2005 Posted October 3, 2005 Its in your osc admin control panel. Goto configuration->Sessions Then make sure the "Prevent Spiders Sessions" option is set to true. and recreate sessions also set to true.
Davey Posted October 4, 2005 Author Posted October 4, 2005 I Have this in Config: My Store Minimum Values Maximum Values Images Customer Details Shipping/Packaging Product Listing Stock Logging Cache E-Mail Options Download GZip Compression Regards David
♥Vger Posted October 4, 2005 Posted October 4, 2005 Below GZip Compression you should have an entry for Sessions. If you don't then there's something else wrong with your site. Vger
Davey Posted October 4, 2005 Author Posted October 4, 2005 Below GZip Compression you should have an entry for Sessions. If you don't then there's something else wrong with your site. Vger Rats, we must have an old or odd version then. :o Thanks for your response
FixItPete Posted October 21, 2005 Posted October 21, 2005 Also make sure that you have Prevent Spider Sessions set to true, under Configuration --> Sessions. If people are coming to your site from search engine links which already contain the same session id then you should set Recreate Session to true also. Vger Vger (or anyone else), If I set "Prevent Spider Sessions" to true, will search engines still come and idex my site? I am confused by this term. Thanks, Pete I find the fun in everything.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.