yatahaze Posted March 10, 2006 Posted March 10, 2006 I have 2 emails today of customers complaining that they followed a link to a page on our store, and when they got there, they were logged in as another one of our customers. Can anyone give me some info as to why this is happening? One customer said another customer contacted her because she had access to her account, and deleted everything in her shopping cart before realising it was someone elses account. This is a big deal since we run a wholesale oscommerce store, where people spend a long time building an order of very many products. The specific link that these 2 customers are complaining about is a link to one of the categories of our store, which was sent in a newsletter. Which means there was a lot of traffic at the time. I'm hosting osc on a win2k3 web server running IIS. I dont have SSL setup, which I think is something I need to do right now, as it might be able to solve the problem.
VectorSix Posted March 10, 2006 Posted March 10, 2006 Sound like a search engine is picking up session ID's. There is a contrib for that: http://www.oscommerce.com/community/contributions,952 Good luck, V6 :thumbsup:
yatahaze Posted March 10, 2006 Author Posted March 10, 2006 Our store is private, google doesn't index it. The actual problem was the link we gave on the email had the oscsid on it. I don't really know why, because when I go back to get the link the exact same way, the oscid isn't there. I guess all I have to do is watch out for that.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.