Scrambled customer information in orders!

[Guest]

This is a pretty serious bug that's happening to a store I recently built out for a client.

 

Here is what happens:

 

1. Customer 'A' places an order. The order is processed correctly.

 

2. Customer 'B' places an order. The order is processed with Customer 'A's customer and shipping information but with Customer 'B's billing information. Customer 'A' receives an email confirming "their" recent order.

 

3. Customer 'C' places an order. The order is again processed with Customer 'A's customer and shipping info but with Customer 'C's billing. Customer 'A' receives an email confirming "their" recent order.

 

Does anyone have a clue as to why this is happening?

 

I'll post any thing I uncover while I try and figure this out.

[Guest]

Apparently there is also issue(s) with authorize.net.

 

Sometimes the system will try and run a transaction with the customer A's name in place of customer B.

In one case a transaction was run and completed through authorize.net without the order being added to the database in oscommerce.

In another a customers order was placed twice.

 

Is there something terribly wrong with the OSCommerce install or could it be a hosting problem? We're using SiteGround.

[Guest]

In an attempt to solve this I went under the 'Sessions' settings in the back-end and turned on 'Check SSL Session ID' and 'Recreate Session'. A few orders went in over the past few days with no errors but today a woman sent an email saying that another customers billing information was in place when she was all set to check out.

 

If anyone has any ideas please let me know, I'll do the dirty work I just don't know where to begin.

[shooter-boy]

The Check SSL Session ID and Recreate Session to TRUE should take care of almost all of the issues you have.

 

Also set to True - Prevent Spider Sessions etc.

 

This problem occurs when people somehow pick up old session IDs, usually from someone posting a link with the session id attached, or search engines doing the same.

 

It should sort itself out in a few days with those options set to true. It has nothing to do with the payment methods or hosting, it's all about session control. OsC has the facilities there, they just need to be enabled.

 

Rob