DrKvack Posted March 10, 2007 Posted March 10, 2007 Has anyone else encountered this? I've searched the forum and haven't found anything. We have two oscommerce stores which have been running well for about a year now. Recently I received reports that some customers could see others' order history when logging into or visiting one of the stores. The only recent changes I'd made to the store with the recent errors was to add the Virtual Products contrib and a Quantity Limit contrib. The only other recent variable was when our entire site was recently inaccessible due to the site trying to grow beyond its host's allotted disk capacity. (Caused I believe by stats software eating all free space.) Well, the space constraints are no longer an issue and I looked at the database to investigate. I noticed that a few customers were not given their own unique customer number or as much as an entry in the customers table. Somehow they were still permitted during their login to complete an order but these were assigned to a previous customer's id number. Their address was saved in the address table as well. I cleaned up the database and scanned code for errors. The contribs I mentioned don't even seem to touch the Account Creation process. I relaunched the store after testing and being unable to reproduce the error. After quite a few orders in close proximity over the weekend the error recurred and I've kept the site offline since. If this rings a bell with anyone or if you think of anywhere else to look I'd appreciate feedback. Thanks in advance.
jasonabc Posted March 10, 2007 Posted March 10, 2007 Make sure that Configuration > Sessions > Prevent Spider Sessions and Configuration > Sessions > Recreate Session are both set to true. Jason My Contributions: Paypal Payflow PRO | Rollover Category Images | Authorize.net Invoice Number Fix
Nullachtfuffzehn Posted March 10, 2007 Posted March 10, 2007 Has anyone else encountered this? I've searched the forum and haven't found anything. We have two oscommerce stores which have been running well for about a year now. Recently I received reports that some customers could see others' order history when logging into or visiting one of the stores. The only recent changes I'd made to the store with the recent errors was to add the Virtual Products contrib and a Quantity Limit contrib. The only other recent variable was when our entire site was recently inaccessible due to the site trying to grow beyond its host's allotted disk capacity. (Caused I believe by stats software eating all free space.) Well, the space constraints are no longer an issue and I looked at the database to investigate. I noticed that a few customers were not given their own unique customer number or as much as an entry in the customers table. Somehow they were still permitted during their login to complete an order but these were assigned to a previous customer's id number. Their address was saved in the address table as well. I cleaned up the database and scanned code for errors. The contribs I mentioned don't even seem to touch the Account Creation process. I relaunched the store after testing and being unable to reproduce the error. After quite a few orders in close proximity over the weekend the error recurred and I've kept the site offline since. If this rings a bell with anyone or if you think of anywhere else to look I'd appreciate feedback. Thanks in advance. To me it sounds like porting the database over to a new server is causing your problems. I guess the autoincrement fields weren't set up properly, so that you get wrong results. Check your database tables, so you can see what the former entries were and what they're now.
Guest Posted March 11, 2007 Posted March 11, 2007 If this rings a bell with anyone or if you think of anywhere else to look I'd appreciate feedback. Thanks in advance. Use the search engines and check for pages of your store listed with the session id appended in the url. If you find any you could try using this: http://www.oscommerce.com/community/contributions,4112 It wont help for the cart contents but it can eliminate the issue mixing up customer details. And set the sessions settings as jason said so the spiders wont pickup session ids.
DrKvack Posted March 13, 2007 Author Posted March 13, 2007 Ah, Session errors. This certainly makes sense and explains why some visitors are not prompted to create or log into an account. I've now set Recreate Sessions to true and will investigate the contrib. Thanks to all who responded.
DrKvack Posted April 20, 2007 Author Posted April 20, 2007 In the interest of helping the community, I thought I'd post a follow-up. Other than the initial negligence to set Recreate Sessions to True, I found the source of my Sessions problem. I had posted a link to a section of my osCommerce site which still had the Session ID in the link address. This was sending customers to previous customers' sessions and allowing order history to be displayed. This is probably basic knowledge for many osCommerce users but bears repeating for the sake of any who read this thread and are just learning. Do not post links with Session Id's (as evidenced by 'osCsid=') in them! Thanks.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.