zopeuser Posted December 22, 2009 Posted December 22, 2009 Hi there we are running our os commerce 2.2 shop for 2 years now. Some users discover problems because they can see the address information of other users. Yesterday a user ordered an article with the address of another user. The address information he saw came from the the last order where a user had ordered an article 9 hours before. How could that happen? Any idea what might be wrong? Is there a security hole in the oscommerce shop? My cache configuration at config > cache > use cache is set to "false". Any tips are highly appreciated. Regards
BryceJr Posted December 22, 2009 Posted December 22, 2009 Log in to your osc admin panel. Under SESSIONS: Prevent Spider Sessions --> True If set to True spiders will be prevented from receiving a session id and starting a session. It is recommended that this setting is set to True. Recreate Session --> True If set to True the session id will be recreated when the customer tries to checkout or login to their account. This helps prevent two customers from accidently logging into each others account due to hard coded session id's in the store. (Requires PHP >=4.1)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.