Good Games Posted May 17, 2011 Share Posted May 17, 2011 Hey guys - hopefully someone has seen this problem - We're on OSC v2.2 RC2a What's happening is, on occassion and without a pattern that we can deduce - sometimes when someone logs in, after they enter their user/pwd, they get logged into as a completely different user. They have all the functionality then of the other user whose account they have then assumed. Obviously this presents a fairly major security issue for us - has anyone seen this or have any advice on the subject. Cheers - Scott Link to comment Share on other sites More sharing options...
germ Posted May 17, 2011 Share Posted May 17, 2011 The site's probably been crawled with osCsid's attached to the URL's. Do this If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Good Games Posted May 18, 2011 Author Share Posted May 18, 2011 Excellent I'll try that - Cheers - Scott Link to comment Share on other sites More sharing options...
hazmer1 Posted May 18, 2011 Share Posted May 18, 2011 could someone tell me what i ahve done to cause this in admin control the left box's display like this BOX_HEADING_CONFIGURATION BOX_HEADING_CATALOG BOX_CATALOG_CATEGORIES_PRODUCTS BOX_CATALOG_CATEGORIES_PRODUCTS_ATTRIBUTES BOX_CATALOG_MANUFACTURERS BOX_CATALOG_REVIEWS BOX_CATALOG_SPECIALS Discount Codes BOX_CATALOG_PRODUCTS_EXPECTED MySQL to Access BOX_HEADING_MODULES BOX_HEADING_CUSTOMERS BOX_HEADING_LOCATION_AND_TAXES BOX_HEADING_LOCALIZATION BOX_HEADING_REPORTS BOX_HEADING_TOOLS Header Tags SEO Heade Link to comment Share on other sites More sharing options...
germ Posted May 18, 2011 Share Posted May 18, 2011 click me If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.