roseco Posted February 24, 2006 Posted February 24, 2006 Some of our customer's orders are being placed in different peoples accounts from time to time. There does not appear to be any any pattern to this but it is very confusing. All payments are made via Paypal and we have the updated module installed. Can anyone shed any light on this please? Thanks.
spiritquest Posted March 2, 2006 Posted March 2, 2006 Some of our customer's orders are being placed in different peoples accounts from time to time. There does not appear to be any any pattern to this but it is very confusing.All payments are made via Paypal and we have the updated module installed. Can anyone shed any light on this please? Thanks. There may be hard links somewhere ion your site pointing a customer to buy a certain product. If you have included the osCid=xxxxxxx bit of the URL, what you have done is copy over a session ID into a link available to the general public. If one of these sessions are active, then someon can place an order under someon elses account .. It is a good idea here to make adjustments to the session adminstration to restrict this from happenning and at the very least. Remove the oscid parameter from your URL. Hope that helps. --------------------------------------
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.