Guest Posted April 20, 2011 Share Posted April 20, 2011 Earlier this week we discovered that some (not all) customers who logs in gets another customers address etc in the checkout pages. We had two customers who changed the delivery address and completed the order, I don't know if there were others who aborted. They both got the same (newly created) account, so we deleted that one. Today there were two orders with empty addresses (except for the delivery address). I have tried everything I can think of to log in and see what they saw but I have not been able to do so, in other words - I have no idea what is causing this... This morning I did set the following values to TRUE under Configuration -> Sessions Check User Agent Check IP Address Recreate Session I don't know if that will help, but it was the only thing even remotely close that I could think of... We have not changed anything in the installation (I have not checked if we have been hacked, will do that against an offline copy tonight when the kids are asleep). I don't know if the provider has changed anything. The sessions are stored in the database: define('USE_PCONNECT', 'false'); define('STORE_SESSIONS', 'mysql'); I have searched the forum and google, but since I'm not sure what I should search for I have not found anything relevant.... I really have no idea what to look for next, any ideas? Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted April 20, 2011 Share Posted April 20, 2011 Have a look at my about me pages and look for the section on What to do if your Site Displays Info for Other Users / Sites HTH G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
Guest Posted April 20, 2011 Share Posted April 20, 2011 Thank you for the fast reply :) Unfortunatly, I already have STORE_SESSIONS set to mysql in both configure.php and the cache is turned off. I have checked for known hacks using VTS and checked everything it reported and they were all false positives (checked a lot of evals ;) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.