sahilsaid Posted August 9, 2010 Posted August 9, 2010 Hi, Please help me with this security issue. One of my customer emailed me today and said he came to my website today and he didn't even log on and when he clicked on my account link he was able to access someone else's account a;ready logged on. he could see all their orders and details. This also happened to me once when I went to make an test on my account page but I thought this might have just happened and thought it won't happen again. Please help me with this issue and tell me which file needs to be corrected (is it application_top.php). Thanks for your help.
Top_Speed Posted June 9, 2011 Posted June 9, 2011 Was this ever addressed?? I have the same problem also?? -KJ define('PROJECTS', 'Something that goes on forever!');
germ Posted June 9, 2011 Posted June 9, 2011 Was this ever addressed?? I have the same problem also?? -KJ In your admin set: Prevent Spider Sessions True Recreate Session True Update your spiders.txt file ( link here) Added in edit: The site in your profile has links "spidered" with the session ID attached. That would explain your problem. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Recommended Posts
Archived
This topic is now archived and is closed to further replies.