Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Customer data switched with another at checkout


djwreal

Recommended Posts

I'm having a rarely occurring problem where a customer goes to checkout, and they notice that their customer data is replaced with someone else's data. So far its only happened 3 times since Nov. 2007.

I made no updates around that time.

 

I've checked everything I can think of to check in the database and the config setting of the store, and everything seems just fine. I can't seem to replicate the problem myself either, so its a little hard to troubleshoot.

 

URL is https://www.colonialpatterns.com.

 

Any thoughts?

 

Thanks.

David W.

Realsight Interactive

Link to comment
Share on other sites

Are you on a shared server and cacheing data?

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

Are you on a shared server and cacheing data?

 

Yes, I am on a server using virtual hosts.

Use Cache is off in osCommerce.

 

What's strange to me is that this has only happened once in the past 3 months, in November of '07. The other 2 or 3 time have all been in this month, within a few days.

I am very stumped at this point...

 

Thanks

David W.

Link to comment
Share on other sites

You have several Google results with the session id attached.

 

Who knows how many on other engines.

 

That can't be helping...

:blush:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

You have turned on Force Cookie Use with a full ssl cert, and that should work. However it's not, and I get the Cookie Usage page when I switch to an https page.

 

Your problem has been caused by search engines spidering your site and creating session ids which then appear in their links. You probably didn't have "Prevent Spider Sessions" set to true.

 

Someone comes to your site from that search engine link with the session id and logs into their account and then someone else comes from the same link with the same session id and ends up in the account of the first person.

 

Set Recreate Session to true, set Prevent Spider Sessions to true, and Force Cookie Use when you can get it working - check that both your http and https_cookie_domain settings in the includes/configure.php file are set to 'www.colonialpatterns.com'

 

Vger

Link to comment
Share on other sites

You have turned on Force Cookie Use with a full ssl cert, and that should work. However it's not, and I get the Cookie Usage page when I switch to an https page.

 

Your problem has been caused by search engines spidering your site and creating session ids which then appear in their links. You probably didn't have "Prevent Spider Sessions" set to true.

 

Someone comes to your site from that search engine link with the session id and logs into their account and then someone else comes from the same link with the same session id and ends up in the account of the first person.

 

Set Recreate Session to true, set Prevent Spider Sessions to true, and Force Cookie Use when you can get it working - check that both your http and https_cookie_domain settings in the includes/configure.php file are set to 'www.colonialpatterns.com'

 

Vger

 

OK that makes sense.

I've just made those changes...

 

I'll have to iron out that SSL cookie issue later.

 

Thanks!

David W.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...