osCommerce

The e-commerce.

Security issues


cardcraft


Can anyone HELP Please?

 

We have received complaints from customers who are saying that when they go to log in to their account it opens the account of another member?

 

We have had four complaints in the last ten days; this is serious as it allows people to see personal details of others.

 

HELP please

 

Thank you

 

Sandra

CardCraft


If you do the following Google search for your website

site:cardcraft-uk.co.uk oscsid

you will see that your website has been indexed with the session ID in the URL. This should not happen if you keep your spiders.txt file up to date and set prevent spider sessions to true in the admin panel (configuration -> sessions).

 

What is basically happening is that your customers are coming in to your website using the same session ID, so they are sharing the session and each other's details. I believe the solution may be to set "recreate session" to true so that when the customers come to log in or create an account they are assigned a different session ID.



What has been said above, although a more solid solution at this stage would be to install a full SSL certificate and force cookie use. You should have an SSL cert anyway.

 

You should also maybe delete existing sessions in the sessions table of your database/sessions directory (/tmp/)

 

The full SSL cert would need to be issued as www.cardcraft-uk.co.uk, not cardcraft.co.uk. Shared certificates won't do it.


Archived

This topic is now archived and is closed to further replies.
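
To confirm the shared-session diagnosis given in the replies above from the shop's own web server logs, a check along these lines can be used. It is an added example, not part of the original thread and not osCommerce code; the log lines are constructed, the combined log format is an assumption about the server, and `shared_sessions` is a hypothetical helper name.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Mar/2010:10:00:01 +0000] "GET /index.php?osCsid=aaaa1111 HTTP/1.1" 200 512 "http://www.google.example/search?q=cards" "Mozilla/5.0"
203.0.113.9 - - [01/Mar/2010:10:02:13 +0000] "GET /login.php?osCsid=aaaa1111 HTTP/1.1" 200 734 "http://www.google.example/search?q=cards" "Mozilla/4.0"
203.0.113.9 - - [01/Mar/2010:10:02:40 +0000] "GET /account.php?osCsid=aaaa1111 HTTP/1.1" 200 901 "-" "Mozilla/4.0"
192.0.2.44 - - [01/Mar/2010:10:05:00 +0000] "GET /index.php?osCsid=bbbb2222 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Mar/2010:10:05:30 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def shared_sessions(log_text, param="osCsid"):
    """Return session IDs from URLs that were used by more than one client.

    Result: {sid: {"clients": [(ip, agent), ...], "referers": [url, ...]}}
    """
    clients = defaultdict(set)
    referers = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        query = urlsplit(m["target"]).query
        for sid in parse_qs(query).get(param, []):
            # A client is approximated as (IP, User-Agent); NAT can merge clients.
            clients[sid].add((m["ip"], m["agent"]))
            if m["referer"] not in ("", "-"):
                referers[sid].add(m["referer"])  # where the ID-bearing link came from
    return {
        sid: {"clients": sorted(c), "referers": sorted(referers[sid])}
        for sid, c in clients.items() if len(c) > 1
    }

if __name__ == "__main__":
    for sid, info in shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid}: {len(info['clients'])} clients, via {info['referers']}")
```

Any session ID it reports is one that several visitors arrived with, and the referers show whether the link came from a search results page.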
