m4tty1 Posted February 9, 2007 Posted February 9, 2007 Hi people I'm in need of some advice. I have recently been made aware of a big big problem on my site. A new customer who hadn't even opened an account visited my site and clicked on "My Account" Here he was greated by another users details etc which showed him as being logged in. From here he could have edited all the details, viewed orders, all the stuff you can do when you are logged in. This guy was 200 miles away from the other user and on a different I.P Force Cookies Usage was off when the above happened Now I have switched it on this is what happens. My customers add items to their basket. When they reach the checkout stage there basket empties so they cannot purchase. Can anybody please help ? Kind regards
Velveeta Posted February 9, 2007 Posted February 9, 2007 Hi people I'm in need of some advice. I have recently been made aware of a big big problem on my site. A new customer who hadn't even opened an account visited my site and clicked on "My Account" Here he was greated by another users details etc which showed him as being logged in. From here he could have edited all the details, viewed orders, all the stuff you can do when you are logged in. This guy was 200 miles away from the other user and on a different I.P Force Cookies Usage was off when the above happened Now I have switched it on this is what happens. My customers add items to their basket. When they reach the checkout stage there basket empties so they cannot purchase. Can anybody please help ? Kind regards I'm not sure what's going on with the cookies issue, but I can say that you need to be looking for a solution to the problem itself, and not the symptoms... If you force cookies on to try to fix the problem with a non-logged-in user seeing another users' details, that problem still exists for some reason... That's the problem you should be focused on, especially since you'll be excluding potential customers in the future that may keep cookies disabled for fear of spyware... Richard. Richard Lindsey
Metatron Posted February 9, 2007 Posted February 9, 2007 Hi Matt In Admin/Configuration/Sessions Try applying the following: Force Cookie Use - True Check SSL Session ID - False Check User Agent - False Check IP Address - False Prevent Spider Sessions- True Recreate Session - False Does this help?
m4tty1 Posted February 14, 2007 Author Posted February 14, 2007 Hi Guys Thanks for the replies. I bit the bullit and completely redesigned the site. http://www.xbox-entertainment.co.uk If anyone has any suggestions please let me know. Regards
jasonabc Posted February 14, 2007 Posted February 14, 2007 http://www.oscommerce.com/forums/index.php?s=&...st&p=871675 Jason My Contributions: Paypal Payflow PRO | Rollover Category Images | Authorize.net Invoice Number Fix
Recommended Posts
Archived
This topic is now archived and is closed to further replies.