robazar Posted April 14, 2008 Posted April 14, 2008 Well I am at a loss. I set up a web store for our company back in September of last year and everything was running smoothly until a few weeks ago. One morning while following our usual procedures for fulfilling web orders I was brought two separate orders printed from the orders screen of OSCommerce. The first order had the same customer for Customer/Billing/Shipping. The second order shared the same customer ID, but with a different person for shipping and billing. The credit card on this order also matched the shipping and billing customer, however it was placed through the other customers account. I do not have a customer in the customer list with this second name. This has now been repeated a handful of times over past few weeks. The latest one was brought to my attention this morning. A customer placed an order that was actually assigned to customer id that was not theirs. I've done a bit of investigating and when this happens the only thing I can find in common is that the orders are placed relatively close in time to each other (in a couple cases with 24 hours apart) and the other is that they share the same originating IP address. I was able to determine this from our authorize.net merchant email receipts. At the bottom of this receipt authorize.net displays the Date:, IP:, and Session:. Both the IP and Session: are identical. If you can me I would greatly appreciate it. Also, if any other information is needed just ask and I will do best to provide it to you. Thanks in advance.
♥geoffreywalton Posted April 14, 2008 Posted April 14, 2008 If you are on a shared server set the use cache option on the cache admin page to false. Might find some relevant info on google e.g. site:www.oscommerce.com/forums shared server cache Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>.
robazar Posted April 18, 2008 Author Posted April 18, 2008 If you are on a shared server set the use cache option on the cache admin page to false. Might find some relevant info on google e.g. site:www.oscommerce.com/forums shared server cache Geoffery, thanks for the help. Unfortunately, I had the issue show up again today. I am on a shared server, ixwebhosting.com, and had changed a number of things. I followed your instructions on setting the cache to false via the admin pages, and then based on what I had managed to get from google, I set the line in the catalog configure.php to define('STORE_SESSIONS', 'mysql'); to store sessions with the database and not as files on the server. Initally, I had everything set to false in admin->configuration->sessions with the session directory set to /tmp. After googling I set check ssl session ID, prevent spider sessions, and recreate session to true. I was kinda under the impression that the session ID should be very unique, but in most of the cases where this issue has happened the session id's passed to authorize.net and included within their receipt have all been the same "unique" string. I'm really at a loss. Again, any help would be greatly appreciated.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.