fatshoesday Posted April 15, 2009 Posted April 15, 2009 Hi, I need some help. We have a live site and got a complaint from a customer that the thier personal details appeared on another persons computer, a friend who was on our site at the same time. She is understandably concerned but I have no Idea how this could happen. Can anyone help??
BryceJr Posted April 15, 2009 Posted April 15, 2009 Login to your osc admin panel >>configuration>>sessions Block Search Engine Spiders <--set to TRUE If set to True spiders will be prevented from receiving a session id and starting a session. It is recommended that this setting is set to True. Regenerate Session ID <--set to TRUE If set to True the session id will be recreated when the customer tries to checkout or login to their account. This helps prevent two customers from accidently logging into each others account due to hard coded session id's in the store. (Requires PHP >=4.1)
fatshoesday Posted April 15, 2009 Author Posted April 15, 2009 Thanks, I have these setting now. Session Directory /tmp Info Force Cookie Use False Info Check SSL Session ID False Info Check User Agent False Info Check IP Address False Info Prevent Spider Sessions True Info Recreate Session True Do you think this should be enough now? Thanks again,
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.