Results 1 to 2 of 2

HELP: New customer going in under previous customer's login!

This is a discussion on HELP: New customer going in under previous customer's login! within the osCommerce 2.2 Modification Help forums, part of the osCommerce 2.2 Forums category; Hi all, I'm new to these forums and wonder if you can help...when a new customer orders, they sometimes manage ...

      
  1. 07-29-2004, 11:47 AM #1
    rhino
    rhino is offline
    Lurker
    Join Date
    Jul 2004
    Posts
    1
    Rep Power
    0

    Default HELP: New customer going in under previous customer's login!

    Hi all,

    I'm new to these forums and wonder if you can help...when a new customer orders, they sometimes manage to have gone in under the previous customers login. Obviously this causes all sorts of problems. One customer even said that when she tried to order she could see someone elses details! (didn't manage to get any more info than that though). Any thoughts?
  2. 07-31-2004, 09:18 PM #2
    gravenimage
    gravenimage is offline
    New Member
    Join Date
    Jul 2004
    Location
    a mountaintop in Florida
    Posts
    22
    Rep Power
    0

    Default

    This is a pretty strange and alarming problem, isn't it? Probably only occurs when a user leaves the site without logging out, but the idea that a subsequent user could pickup that previous user's session is a bit scary. Theoretically, that shouldn't happen, even in the case of misconfiguration. I haven't heard of anyone else with this problem, but it definitely warrants some further attention to see if it goes back to either a bug in OSC or possibly even in PHP.

    For the moment though, there are two ways you can keep this from happening. The best way is probably to enable "Check IP Address" in the Admin > Configuration > Sessions. That way, if a second user were to login, rather than being handed the previous user's session, a different IP address would be detected and a new session created. The only downside to this is that some online services -- AOL for example -- will change a user's IP address rather willy-nilly, even as they're browsing a site. The net effect is that with "Check IP Address" enabled, AOL users might be logged into your store and happily shopping away, AOL changes their IP address, then on the next page click, "BOOM", their session is lost and they have to login again, losing their cart contents. Definitely better than potentially handing a user another user's personal info, however.

    Another solution would be to turn on "Force Cookie Use", which would store the session id on the client, with no possibility of another user getting someone else's session. However, that option has headaches of its own, as you'll notice the first time you login after enabling it.
    Anyone else have any thoughts on this?
« Remove subcategory listings in Category box | What folders to secure? »

Similar Threads

  1. Customer cannot login, redirected back to login page
    By BHenderson in forum osCMax v1.7 Installation
    Replies: 2
    Last Post: 02-09-2005, 08:51 PM
  2. Admin Login Problem - my customer can't login, I can
    By pram0310 in forum osCMax v1.7 Installation
    Replies: 2
    Last Post: 10-29-2004, 11:46 AM
  3. Remember Customer After Login??
    By ProjectShadow in forum osCommerce 2.2 Modification Help
    Replies: 0
    Last Post: 10-21-2004, 03:10 PM
  4. Can't login/signup new customer
    By jbianco in forum osCommerce 2.2 Installation Help
    Replies: 7
    Last Post: 04-06-2004, 01:56 PM
  5. Customer Login box on the Homepage
    By Serial in forum osCommerce 2.2 Modification Help
    Replies: 1
    Last Post: 03-02-2003, 09:44 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules