Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Customer logs in and gets another accounts data


Guest

Recommended Posts

Earlier this week we discovered that some (not all) customers who logs in gets another customers address etc in the checkout pages. We had two customers who changed the delivery address and completed the order, I don't know if there were others who aborted.

 

They both got the same (newly created) account, so we deleted that one. Today there were two orders with empty addresses (except for the delivery address).

I have tried everything I can think of to log in and see what they saw but I have not been able to do so, in other words - I have no idea what is causing this...

 

This morning I did set the following values to TRUE under Configuration -> Sessions

Check User Agent

Check IP Address

Recreate Session

 

I don't know if that will help, but it was the only thing even remotely close that I could think of...

 

We have not changed anything in the installation (I have not checked if we have been hacked, will do that against an offline copy tonight when the kids are asleep).

I don't know if the provider has changed anything. The sessions are stored in the database:

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', 'mysql');

 

 

I have searched the forum and google, but since I'm not sure what I should search for I have not found anything relevant....

 

 

I really have no idea what to look for next, any ideas?

Link to comment
Share on other sites

Have a look at my about me pages and look for the section on

 

What to do if your Site Displays Info for Other Users / Sites

 

HTH

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

Thank you for the fast reply :)

 

Unfortunatly, I already have STORE_SESSIONS set to mysql in both configure.php and the cache is turned off.

I have checked for known hacks using VTS and checked everything it reported and they were all false positives (checked a lot of evals ;)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...