omahonydonnelly Posted December 13, 2006

We received an email today from an account holder: "I opened your website to shop today and discovered I am logged in as {name omitted}. I can see her orders, change her orders etc. This is not good security! Thought you might like to look into it."

It's been nearly a year since I set up osCommerce for the site and I have no clue where to start. Anyone else have this issue, or know what I need to do to make sure it cannot happen again? Thanks.

Jack_mcs Posted December 13, 2006

There are a number of things that can cause that. Check to see if you have this line in your configure file: define('STORE_SESSIONS', 'mysql'); Also check the cache settings in admin. If that is enabled, make sure it is using a private directory for storage.

Jack

omahonydonnelly Posted December 14, 2006

Thanks for the reply. The config file does read: define('STORE_SESSIONS', 'mysql'); Caching is enabled, but not a private directory -- do I need to change the permissions, or something else to do this?

SCL Internet Posted December 14, 2006

Sounds like this session problem. I've posted a solution in this thread: http://www.oscommerce.com/forums/index.php?sho...=241614&hl=

exbabylon Posted December 19, 2006

Did this fix your problem? I have the same issues with some of my clients, and have been trying to fix this for months.

Thank you, Alex

This topic is now archived and is closed to further replies.