cp163
Posted October 5, 2008

My customer sometimes reported to us that they can see another person's order history and address book if they click the order history link in the order confirmation email. It seems like it doesn't happen every time. It just suddenly happens, and if they try again, they can see their correct order history and address book. I checked the database and there is no double order ID or customer ID. I think there are some bugs in session control? Does anyone get the same report from customers? Thank you.

Jack_mcs
Posted October 5, 2008

It's a common problem, usually caused by using the host's tmp directory. Look in your admin->Configuration->Sessions directory and change the path to a local one if it isn't. Also be sure the Prevent Spiders Sessions is set to true and that the sessions setting in the configure file is set to false.

Jack

urte
Posted October 5, 2008

I have the same issue. I have set prevent spider session to true (it has been for a long time) and for the path it shows /temp. How do I change that to a local path? Also, in my configure.php the last entry is

    define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

How do I need to change that? And what effect will all these changes have on my customers if new sessions are created / stored?

> It's a common problem, usually caused by using the host's tmp directory. Look in your admin->Configuration->Sessions directory and change the path to a local one if it isn't. Also be sure the Prevent Spiders Sessions is set to true and that the sessions setting in the configure file is set to false.
>
> Jack

Jack_mcs
Posted October 6, 2008

> I have the same issue. I have set prevent spider session to true (it has been for a long time) and for the path it shows /temp. How do I change that to a local path? Also, in my configure.php the last entry is
>
>     define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
>
> How do I need to change that? And what effect will all these changes have on my customers if new sessions are created / stored?

The name of the server directory is tmp, so yours has already been changed. That entry in the configure file is correct. Also make sure this one is present:

    define('USE_PCONNECT', 'false');

Jack

failsafe
Posted October 6, 2008

> My customer sometimes reported to us that they can see another person's order history and address book if they click the order history link in the order confirmation email. It seems like it doesn't happen every time. It just suddenly happens, and if they try again, they can see their correct order history and address book. I checked the database and there is no double order ID or customer ID. I think there are some bugs in session control? Does anyone get the same report from customers?

This is a common problem and I think the default database settings should be changed so people don't unwittingly fall into this trap. You can read more about it in thread 315496 here. Also see my Post #9 in that same thread that explains what's happening and a possible solution. You don't really need to mess with the `sessions` table in the database though. The stored sessions don't last long anyway.

> I have the same issue. I have set prevent spider session to true (it has been for a long time) and for the path it shows /temp. How do I change that to a local path? Also, in my configure.php the last entry is
>
>     define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
>
> How do I need to change that?

Don't change the STORE_SESSIONS flag; it's fine set to 'mysql'. It is correct that sessions should be stored in the database.

My guess is that if you investigate your web server logs you'll find that the osCsid is still appearing in the link from some search engines even though you set the PREVENT_SPIDER_SESSIONS flag to true. Have you checked your catalog/includes/spider.txt file and verified it's doing its job correctly? Bear in mind that search engines do take time to rescan your site, so it might be that they are still providing the links to pages before you changed the flag.

urte
Posted October 7, 2008

OK, leaving the STORE_SESSIONS flag as it is. Prevent spider sessions is set to true via the admin panel; should recreate sessions be set to true as well? What would that do? I don't understand the bubble help.

Is there an easy way to read / search through the access logs? (I get a daily digest and it is big and in .gz format.)

How do I check the spider.txt to see if it is doing its job correctly? I just updated it to the latest version.

How long does it take for the search engines to have crawled enough to provide new links without the session rather than the old ones?

> Don't change the STORE_SESSIONS flag; it's fine set to 'mysql'. It is correct that sessions should be stored in the database.
>
> My guess is that if you investigate your web server logs you'll find that the osCsid is still appearing in the link from some search engines even though you set the PREVENT_SPIDER_SESSIONS flag to true. Have you checked your catalog/includes/spider.txt file and verified it's doing its job correctly? Bear in mind that search engines do take time to rescan your site, so it might be that they are still providing the links to pages before you changed the flag.

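The log check suggested in this thread, sketched as an added example that is not part of any poster's message: it reads a gzip-compressed access log and reports where an osCsid travels inside a link. The combined log format, the crawler and search-engine patterns, the function names and the sample lines are all assumptions made for illustration.

```python
import gzip
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed "combined" log format: ip - - [time] "METHOD url PROTO" status size "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"')
BOT_AGENT = re.compile(r'bot|crawl|spider|slurp', re.I)   # assumed crawler markers
SEARCH_HOST = re.compile(r'(google|yahoo|msn)\.', re.I)   # assumed search referer hosts

def sid_of(url):
    """Return the osCsid query parameter of a URL, or None."""
    return parse_qs(urlsplit(url).query).get('osCsid', [None])[0]

def audit(lines):
    """Collect log evidence that session ids are travelling inside links."""
    report = {'crawler_with_sid': [], 'search_link_has_sid': []}
    ips_by_sid = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        sid = sid_of(m.group(2)) if m else None
        if sid is None:
            continue
        ip, url, referer, agent = m.groups()
        ips_by_sid[sid].add(ip)
        if BOT_AGENT.search(agent):   # a crawler is requesting a session-bearing URL
            report['crawler_with_sid'].append(url)
        if SEARCH_HOST.search(urlsplit(referer).netloc):  # visitor arrived via an indexed session link
            report['search_link_has_sid'].append((ip, url))
    # One session id seen from several addresses: a possibly shared session.
    report['shared_sid'] = {s: sorted(i) for s, i in ips_by_sid.items() if len(i) > 1}
    return report

def audit_gz(path):
    """Audit a gzip-compressed log (such as a daily .gz digest) without unpacking it."""
    with gzip.open(path, 'rt', errors='replace') as fh:
        return audit(fh)

# Constructed sample lines, not taken from a real shop.
SAMPLE = [
    '198.51.100.7 - - [06/Oct/2008:10:00:00 +0000] "GET /catalog/account_history.php?osCsid=aaa111 HTTP/1.1" 200 5120 "http://www.google.com/search?q=shop" "Mozilla/5.0 (Windows)"',
    '203.0.113.9 - - [06/Oct/2008:10:05:00 +0000] "GET /catalog/account_history.php?osCsid=aaa111 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh)"',
    '192.0.2.50 - - [06/Oct/2008:10:06:00 +0000] "GET /catalog/index.php?cPath=1&osCsid=bbb222 HTTP/1.1" 200 900 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"',
    '192.0.2.60 - - [06/Oct/2008:10:07:00 +0000] "GET /catalog/index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    print(audit(SAMPLE))
```

Entries under `shared_sid` only show one session id arriving from more than one address; a single visitor whose address changed produces the same pattern, so compare them against the `search_link_has_sid` hits before drawing conclusions.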
This topic is now archived and is closed to further replies.