kidd6801 Posted January 2, 2006

I just went live with osCommerce last week, replacing X-cart. Everything seemed to be functioning fine. All of my test orders worked and it appeared that everything was ready for the changeover. When I checked my email this morning I had one from a concerned customer who had received a call from another customer telling him that he had access to his information. My first thought was that the server cache must have messed up and swapped their login info in memory. After calling the customer, he said that the person who called him told him that he had access to everyone's info.

I guess my question is: has anyone seen an issue like this before, and if so, what do I need to do to correct it? I did many searches on the board and could not find any posts that were even related to this issue. I am running the latest version of oscomm and php-4.3.11-2.8 on Fedora Core 3.

Any help would be appreciated.

Thanks in advance,
KiDD

kwalker Posted January 2, 2006

Are you going to say that you had their credit card info stored on your server too? Please say "No", but say so if you did.

Kevin

"What I didn't know yesterday, I know today & will remember tomorrow" (By Kwalker)
What do you see when you open up the tep_database-pr2.2-CVS.pdf file that came with your osCommerce download?

kidd6801 (Author) Posted January 2, 2006

No, No CC info is stored on the server. Just email, phone #, and address.

user99999999 Posted January 2, 2006

Make sure you don't have any hard coded session IDs anywhere osCsid=.... and prevent spider sessions = true.

kwalker Posted January 2, 2006

I'm glad to hear that. It very well could have been a system glitch or error that caused it. The strange thing is:

a. Why did one person call another person?
b. What did this person mean about having access to everyone's information?

There is a difference between having possession of something and having access to something. I would contact these people and inform them that it's advisable that they purge the information. It would seem like the person who called the other customer would have contacted you.... and not the other customers.

I know it's not an easy thing to do, but you may have to contact your customers and explain something to them, or you can wait and see how many more complaints you get before you take action.

Kevin

user99999999 Posted January 2, 2006

> I'm glad to hear that. It very well could have been a system glitch or error that caused it. The strange thing is:
>
> a. Why did one person call another person?
> b. What did this person mean about having access to everyone's information?
>
> There is a difference between having possession of something and having access to something. I would contact these people and inform them that it's advisable that they purge the information. It would seem like the person who called the other customer would have contacted you.... and not the other customers.
>
> I know it's not an easy thing to do, but you may have to contact your customers and explain something to them, or you can wait and see how many more complaints you get before you take action.
>
> Kevin

It's a known problem when multiple users are using the same session ID, either from a search engine or from a hard coded link. Previous order cc# are not viewable from the user account.

kwalker Posted January 2, 2006

> It's a known problem when multiple users are using the same session ID, either from a search engine or from a hard coded link. Previous order cc# are not viewable from the user account.

Although it may or may not be easy to deal with, it sounds like traffic is coming in, and so are the orders.

kidd6801 (Author) Posted January 2, 2006

> It's a known problem when multiple users are using the same session ID, either from a search engine or from a hard coded link. Previous order cc# are not viewable from the user account.

Thank you for the responses. This is exactly what happened. When I put together our newsletter I accidentally copied the session ID with one of the links to a product. I will be more careful in the future.

KiDD
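
Added example, not part of the thread and not osCommerce code: a pre-send check for newsletter HTML that reports and removes an `osCsid` query parameter pasted into a link, the mistake identified in the last post. The host `shop.example`, the sample markup, the session ID value and the function names are constructed for illustration.

```python
import re
from html import escape, unescape
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SESSION_PARAM = "osCsid"  # session parameter named in the thread
HREF_RE = re.compile(r"""(href\s*=\s*)(["'])(.*?)\2""", re.I | re.S)

# Constructed sample newsletter; shop.example and the ID value are made up.
SAMPLE = (
    '<p><a href="http://shop.example/product_info.php?products_id=42'
    '&amp;osCsid=0123456789abcdef0123456789abcdef">Widget</a> '
    '<a href="http://shop.example/index.php?cPath=3">Catalog</a></p>'
)

def clean_url(url, param=SESSION_PARAM):
    """Return (url without the session parameter, removed value or None)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    removed = [v for k, v in pairs if k.lower() == param.lower()]
    if not removed:
        return url, None
    kept = [(k, v) for k, v in pairs if k.lower() != param.lower()]
    return urlunsplit(parts._replace(query=urlencode(kept))), removed[0]

def scrub_newsletter(html_text, param=SESSION_PARAM):
    """Strip the session parameter from every href; report what was found."""
    findings = []

    def fix(match):
        raw = unescape(match.group(3))  # attribute values use &amp; for &
        cleaned, sid = clean_url(raw, param)
        if sid is None:
            return match.group(0)       # leave clean links byte-for-byte
        findings.append((raw, sid))
        quote = match.group(2)
        return f"{match.group(1)}{quote}{escape(cleaned, quote=True)}{quote}"

    return HREF_RE.sub(fix, html_text), findings

if __name__ == "__main__":
    cleaned, findings = scrub_newsletter(SAMPLE)
    for url, sid in findings:
        print(f"session ID {sid[:6]}... embedded in link: {url}")
    print(cleaned)
```

Scrubbing future mailings does not invalidate an ID that has already been sent out; that session still has to be ended on the server.
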
This topic is now archived and is closed to further replies.