Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Order/account mismatch


roseco

Recommended Posts

Some of our customer's orders are being placed in different peoples accounts from time to time. There does not appear to be any any pattern to this but it is very confusing.

All payments are made via Paypal and we have the updated module installed.

Can anyone shed any light on this please?

 

Thanks.

Link to comment
Share on other sites

Some of our customer's orders are being placed in different peoples accounts from time to time. There does not appear to be any any pattern to this but it is very confusing.

All payments are made via Paypal and we have the updated module installed.

Can anyone shed any light on this please?

 

Thanks.

 

 

There may be hard links somewhere ion your site pointing a customer to buy a certain product. If you have included the osCid=xxxxxxx bit of the URL, what you have done is copy over a session ID into a link available to the general public.

 

If one of these sessions are active, then someon can place an order under someon elses account .. It is a good idea here to make adjustments to the session adminstration to restrict this from happenning and at the very least. Remove the oscid parameter from your URL.

 

Hope that helps.

--------------------------------------

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...