Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HELP! Account Login Major Issue


boparound

Recommended Posts

I am hoping someone can help me with this as it completely renders my store useless!!!!!!!!!!......

I am just getting my store up and I had a friend from another city create a new account. As soon as he created a new account my computer switched over to his account. I logged out and logged back in and then he hit refresh and he has my account information. It seem only one person can be logged in at a time and as soon as someone new logs in everyone else is under that account. they can see the last person to login's account info and everything. where do i start?

Link to comment
Share on other sites

Log in to your osc admin panel.

 

1. Set CACHE to false

 

2. Under SESSIONS:

 

Prevent Spider Sessions --> True

If set to True spiders will be prevented from receiving a session id and starting a session. It is recommended that this setting is set to True.

 

Recreate Session --> True

If set to True the session id will be recreated when the customer tries to checkout or login to their account. This helps prevent two customers from accidently logging into each others account due to hard coded session id's in the store. (Requires PHP >=4.1)
Link to comment
Share on other sites

Sounds like a major security issue. I believe the session should be unique each time unless your sending your friend a link to your store with the session ID in it.

 

Double check your session setup in your config file. Check if your session ID is staying in the URL on multiple pages.. if it is then somethings not setup right.

 

I would also do as BryceJr suggested .. maybe even force Cookie Usage.

Link to comment
Share on other sites

Sounds like a major security issue. I believe the session should be unique each time unless your sending your friend a link to your store with the session ID in it.

 

Double check your session setup in your config file. Check if your session ID is staying in the URL on multiple pages.. if it is then somethings not setup right.

 

I would also do as BryceJr suggested .. maybe even force Cookie Usage.

made all the changes you guys recommended and no difference?????? not sure about the config file thing...I am somewhat of a novice at this.

when someone else logs into their account i see them so apparently their is only one session ever??????

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...