Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

URGENT - Customers seeing other customers info


zentac

Recommended Posts

When a customer logs in with thier own login/password they are being presented with another users orders, address etc.... where do I start tacking this one down?

Start looking where the oscid is included as part of the url, as distinct to the oscid created when you first hit the site.

 

I think that this has recently been discussed in the forums.

Link to comment
Share on other sites

what appears to have happened is that my customer_id within the order table is being populated incorrectly, which is strange as the customer_name is correct.

 

Ive fixed them manually now, but which php script inserts into the orders table?

Link to comment
Share on other sites

what appears to have happened is that my customer_id within the order table is being populated incorrectly, which is strange as the customer_name is correct.

 

Ive fixed them manually now, but which php script inserts into the orders table?

 

Are you on a shared server?

Regards

 

Mark A Reynolds

Link to comment
Share on other sites

Have a read of this for a little background - common problem.

 

customer details seen by other customers

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

what appears to have happened is that my customer_id within the order table is being populated incorrectly, which is strange as the customer_name is correct.

 

Ive fixed them manually now, but which php script inserts into the orders table?

 

Anyone got any more ideas?

Link to comment
Share on other sites

Anyone got any more ideas?

 

Make sure that:

 

1) Admin > Configuration > Sessions > Prevent Spider Sessions and

Admin > Configuration > Sessions > Recreate Session

 

are both set to "true"

 

2) Make sure that any external links you may have posted to your site *do not* contain the unique session ID. So this:

 

http://yoursite.com/product_info.php?produ...34edff52081aa32

 

should just be this:

 

http://yoursite.com/product_info.php?products_id=22

 

I had an issue a week or so ago where a customer of my client pasted a link to the store into her Blog. She copied the session ID in as well - so everyone who subsequently clicked the link all came in on the same session ID. Caused all sorts of problems - and took a while to track down the offending external link too....

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...