cardcraft
Posted April 5, 2008

Can anyone HELP Please? We have received complaints from customers who are saying that when they go to log in to their account it opens the account of another member? We have had four complaints in the last ten days, this is serious as it allows people to see personal details of others. HELP please.

Thank you
Sandra
CardCraft
K3D
Posted April 5, 2008

If you do the following Google search for your website:

site:cardcraft-uk.co.uk oscsid

you will see that your website has been indexed with the session ID in the URL. This should not happen if you keep your spiders.txt file up to date and set "prevent spider sessions" to true in the admin panel (configuration -> sessions).

What is basically happening is that your customers are coming in to your website using the same session ID, so they are sharing the session and each other's details. I believe the solution may be to set "recreate session" to true so that when the customers come to log in or create an account they are assigned a different session ID.
♥FWR Media
Posted April 5, 2008

> Can anyone HELP Please? We have received complaints from customers who are saying that when they go to log in to their account it opens the account of another member? We have had four complaints in the last ten days, this is serious as it allows people to see personal details of others. HELP please.
>
> Thank you
> Sandra
> CardCraft

What has been said above, although a more solid solution at this stage would be to install a full SSL certificate and force cookie use. You should have an SSL cert anyway.

You should also maybe delete existing sessions in the sessions table of your database/sessions directory (/tmp/).

The full SSL cert would need to be issued as www.cardcraft-uk.co.uk, not cardcraft.co.uk. Shared certificates won't do it.
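Added example, not part of the original thread or of osCommerce: a short Python check for the situation K3D describes, run over web server access logs to find osCsid values that were requested by more than one client IP or handed to a crawler. It assumes Apache combined log format; the log lines are constructed samples and the function name is hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Apr/2008:09:01:12 +0100] "GET /index.php?osCsid=aaa111 HTTP/1.1" 200 5120 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
198.51.100.7 - - [05/Apr/2008:10:15:40 +0100] "GET /product_info.php?products_id=5&osCsid=aaa111 HTTP/1.1" 200 7300 "http://www.google.co.uk/search?q=cards" "Mozilla/4.0 (compatible; MSIE 7.0)"
203.0.113.25 - - [05/Apr/2008:10:22:03 +0100] "GET /login.php?osCsid=aaa111 HTTP/1.1" 200 4100 "http://www.google.co.uk/search?q=card+craft" "Mozilla/5.0 (Windows; U) Firefox/2.0"
198.51.100.99 - - [05/Apr/2008:11:00:00 +0100] "GET /index.php?osCsid=bbb222 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh; U) Safari/523"
198.51.100.99 - - [05/Apr/2008:11:00:09 +0100] "GET /account.php?osCsid=bbb222 HTTP/1.1" 200 6000 "-" "Mozilla/5.0 (Macintosh; U) Safari/523"
192.0.2.44 - - [05/Apr/2008:12:30:00 +0100] "GET /index.php?osCsid=ccc333 HTTP/1.1" 200 5120 "-" "msnbot/1.1 (+http://search.msn.com/msnbot.htm)"
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"'
)
BOT_RE = re.compile(r"bot|crawl|spider|slurp", re.I)  # rough crawler match, an assumption


def find_leaked_session_ids(log_text, param="osCsid"):
    """Return session IDs from URLs that were used by >1 IP or served to a crawler."""
    ips_by_sid = defaultdict(set)
    crawler_sids = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, url, _referer, agent = m.groups()
        for sid in parse_qs(urlsplit(url).query).get(param, []):
            ips_by_sid[sid].add(ip)
            if BOT_RE.search(agent):
                crawler_sids.add(sid)
    return {
        sid: {"ips": sorted(ips), "seen_by_crawler": sid in crawler_sids}
        for sid, ips in ips_by_sid.items()
        if len(ips) > 1 or sid in crawler_sids
    }


if __name__ == "__main__":
    for sid, info in find_leaked_session_ids(SAMPLE_LOG).items():
        print(sid, info)
```

Any session ID it reports is a candidate for removal from the sessions table or sessions directory mentioned above.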
Archived
This topic is now archived and is closed to further replies.