Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Security for Registered Shoppers


omahonydonnelly

Recommended Posts

We received an email today from an account holder: "I opened your website to shop today and discovered I am logged in as {name omitted}. I can see her orders, change her orders etc. This is not good security! Thought you might like to look into it."

 

It's been nearly a year since I set up OsCommerce for the site and I have no clue where to start. Anyone else have this issue, or know what I need to do to make sure it cannot happen again?

 

Thanks.

Link to comment
Share on other sites

There are a number of things that can cause that. Check to see if you have this line in your configure file

define('STORE_SESSIONS', 'mysql');

Also check the cache settings in admin. If that is enabled, make sure it is using a private directory for storage.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...