Shopping Cart Software
HELP: New customer going in under previous customer's login!
This is a discussion on HELP: New customer going in under previous customer's login! within the osCommerce 2.2 Modification Help forums, part of the osCommerce 2.2 Forums category; Hi all, I'm new to these forums and wonder if you can help...when a new customer orders, they sometimes manage ...
| |||||||
| Register | FAQ | Members List | Calendar | Mark Forums Read |
|
#1
07-29-2004, 11:47 AM
| |||
| |||
 HELP: New customer going in under previous customer's login! Hi all, I'm new to these forums and wonder if you can help...when a new customer orders, they sometimes manage to have gone in under the previous customers login. Obviously this causes all sorts of problems. One customer even said that when she tried to order she could see someone elses details! (didn't manage to get any more info than that though). Any thoughts?     |
| Sponsored Links | ||
| ||
| |
|
#2
07-31-2004, 09:18 PM
| |||
| |||
| This is a pretty strange and alarming problem, isn't it? Probably only occurs when a user leaves the site without logging out, but the idea that a subsequent user could pickup that previous user's session is a bit scary. Theoretically, that shouldn't happen, even in the case of misconfiguration. I haven't heard of anyone else with this problem, but it definitely warrants some further attention to see if it goes back to either a bug in OSC or possibly even in PHP. For the moment though, there are two ways you can keep this from happening. The best way is probably to enable "Check IP Address" in the Admin > Configuration > Sessions. That way, if a second user were to login, rather than being handed the previous user's session, a different IP address would be detected and a new session created. The only downside to this is that some online services -- AOL for example -- will change a user's IP address rather willy-nilly, even as they're browsing a site. The net effect is that with "Check IP Address" enabled, AOL users might be logged into your store and happily shopping away, AOL changes their IP address, then on the next page click, "BOOM", their session is lost and they have to login again, losing their cart contents. Definitely better than potentially handing a user another user's personal info, however. Another solution would be to turn on "Force Cookie Use", which would store the session id on the client, with no possibility of another user getting someone else's session. However, that option has headaches of its own, as you'll notice the first time you login after enabling it. Anyone else have any thoughts on this? |
| Sponsored Links | ||
| ||
| |
 |
| Thread Tools | |
| |
| ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Customer cannot login, redirected back to login page | BHenderson | osCMax v1.7 Installation | 2 | 02-09-2005 08:51 PM |
| Admin Login Problem - my customer can't login, I can | pram0310 | osCMax v1.7 Installation | 2 | 10-29-2004 11:46 AM |
| Remember Customer After Login?? | ProjectShadow | osCommerce 2.2 Modification Help | 0 | 10-21-2004 03:10 PM |
| Can't login/signup new customer | jbianco | osCommerce 2.2 Installation Help | 7 | 04-06-2004 01:56 PM |
| Customer Login box on the Homepage | Serial | osCommerce 2.2 Modification Help | 1 | 03-02-2003 09:44 AM |
All times are GMT -8. The time now is 08:43 AM.
