Good question... I dunno what is the answer to your question. I'll do some Googling and get back to you if I find an anything. You should email the people at iPage as they probably can help you..
Client "John" in alaska, I dunno what his browser is/was.
But ie here, latest version with latest patches.
I must say that I am not on the latest OSC milestone patch. I am forced to use an older version that comes packaged with hsphere..
Unless anyone has a link to some upgrade docs. I have the latest OSC, and have used it, but fear trying to upgrade older versions...
Just backup all of your current oscommerce files and database, then try to install the update. The update comes packaged in the normal release I believe. It cant hurt your current prediciment...
So I noticed some features in the "Session" configuration area. Turned on SSL Session ID checking and IP Address checking and the problem seems fixed..
In all that I know about programming, it seems ridiculous that this problem could even occur. I mean, you can program it to make this happen, but you have to actually mean to. But then again, i'm no expert...
IP address checking will likely cause you another problem as all AOL users are behind a proxy...
OK. I have the same problem on an old store (MS1) We've only noticed this recently and only for 4 orders over the last few months. Customers have written us emails about it so I can confirm it's in the wild and if you guys are running MS2 it's been around a long time. Is this an exploit?.
What version are you guys running? Is this only a problem with MS1? Does anybody know the definitive reason this happens?.
This post has been edited by.
: 12 July 2004, 02:19..
I have never used any OSC prior to MS2.2, and have never seen the problem described. So I may be way out in left field on this, but could it be related to pages being cached on the server? Perhaps it is cacheing the pages John accessed, SID and all..
Like I said, I could be profoundly wrong on this, but it might be something to look at...
Hmmm, just a little addendum. This store has recently undergone a little bump in popularity so there are quite a few people in the store at any one time. Right now for instance (Sunday, 7:46PM PST) there are 46 people browsing products..
I'd guess that number is 2-3 times higher during peak times. Maybe more. Is there anything interesting about how OSC keeps session data? There are multiple stores on this server as well and they all write data to /tmp..
Set session storage to mysql.
It should always be that way on shared servers. If you're using cache define your own diriectory. There's been about a zillion posts discussing this issue...
Thanks for the reply. I admin that server and there isn't any page cacheing so I wouldn't think that's it. Like I say this store has only recently exhibited this problem and only as it's popularity has increased. Those two things may be unrelated but it seems fishy to me..
Excellent point Alan,.
Thanks as I bet that'll get it..
Guys there is no problem with osc store..
Make sure these are the settings....
In admin>session> all should be false except "prevent spider session".
In both configure.php in includes folder shoul dhave last line telling that database is to be store din mysql..
Then in admin>session.
There is the first option abt the folder name. change that folder name to whatever name you want. create that folder in your admin folder in cattalog..
Using ftp program, right click on that folder and change the mode to 777 or all writable etc.....
U should be set...
I once had the same problem and traced it to an erroneous link to the oscommerce frontpage, like e.g..
If you have a link on your homepage with an osCommerce session id, different customers enter the store with the same session id and consequently use the same shopping cart.
Also if you link to specific products from outside osCommerce you always have to remove the session id from the URL...
I can't believe this is happening, but I've seen it first hand!.
I haven't been able to find a common denominator of this problem, but sometimes when an end-user goes to purchase something, OSC thinks they are someone else!.
John logged in and purchased something from alaska, he closed his browser without logging out.
I go to purchase something and suddenly have John's purchasing info in front of me! It wants to charge John's CC!.
How does OSC store session data? How is this at all even possible???.
Anyone ever heard of this?..
I just tried to replicate this but failed. I used two browsers with seperate cookie storage areas hence there weren't any cookies from my version of OSC stored in the fresh browser..
Were you using the same browser to check? If so, then it's basically just the cookie OSC uses that re-logged you in as the original customer..
I'll happily test your cart if you're willing.....