I would like to know the answer too. Does anyone here know what the right answer is? I'll do some Googling and get back to you if I find a good answer. You should email the people at iPage as they probably could answer your iPage question.
Yes I am. Is this a problem in itself?
Did you have a similar login experience when using hard coded links? Is this a known issue?
Thanks for your help.
Nick
Being on a shared server is potentially a problem. If you do a search in the forums, using the keywords "shared server", you'll come up with lots of threads that address this issue. Good luck and happy searching - I'd post the links, but I'm feeling lazy. Besides... dialup is SLOW...!
Another possible issue here is that the sessions got mixed up. This could happen from time to time with two customers purchasing at exactly the same time.
The only way to be completely safe is to 'force cookie use', which will not allow customers that do not have cookies enabled to purchase, thereby eliminating the session ID being passed through the URL, which is the cause of the problem.
Thanks for your replies.
I now could trace the problem to links that included the session id, positioned on the startpage. The webmaster wasn't aware that he appended a (normally unique) session id to the link.
When two customers entered the shop over the same link, they had the same session id...
As we are in a shared server environment we will anyway force cookie usage from now on. No more security issues of this kind, please.
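The check described in the post above, as an added example that is not part of the original thread: a small Python scanner that reports links, forms and embedded resources in a saved page whose URL carries a session id. It assumes the session parameter is named osCsid (osCommerce's default) or PHPSESSID (PHP's default); the sample page and the shop.example host are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumption: osCsid is osCommerce's default session parameter name and
# PHPSESSID is PHP's default; adjust to the shop's configured session name.
SESSION_PARAMS = {"oscsid", "phpsessid"}
URL_ATTRS = {"href", "src", "action"}


class SessionLinkFinder(HTMLParser):
    """Collects URL attributes whose query string carries a session id."""

    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (line, tag, attribute, parameter, url)

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        for attr, value in attrs:
            if attr not in URL_ATTRS or not value:
                continue
            # HTMLParser has already turned &amp; into & in attribute values.
            query = parse_qs(urlsplit(value).query, keep_blank_values=True)
            for param in query:
                if param.lower() in SESSION_PARAMS:
                    self.findings.append((line, tag, attr, param, value))


def find_session_links(html):
    """Return every URL attribute in the page that embeds a session id."""
    finder = SessionLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a start page where two URLs were saved with a session id.
SAMPLE_PAGE = """<html><body>
<a href="http://shop.example/catalog/index.php">Home</a>
<a href="http://shop.example/catalog/index.php?cPath=3&amp;osCsid=0123456789abcdef0123456789abcdef">Shop</a>
<form action="/catalog/login.php?osCsid=0123456789abcdef0123456789abcdef" method="post"></form>
<img src="/images/logo.gif">
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, param, url in find_session_links(SAMPLE_PAGE):
        print(f"line {line}: <{tag} {attr}> carries {param}: {url}")
```

Run it over static pages, banners and newsletter templates that link into the shop; any hit is a link that hands every visitor the same session.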
I am having the same problem. How do you "force cookie use"? And what hard coded links should I be looking for?
Thank you,
Frank
You can force cookie usage in configuration, but I think that causes another problem; I don't recall what, though.
Rolf
I believe that storing sessions in a directory instead of the database also can cause this sort of problem. In your configure.php files, try setting your sessions line as:
define('STORE_SESSIONS', 'mysql');
if it's not already set as that.
We tried this and it caused an error on our admin.
[QUOTE]Warning: main(includes/functions/sessions_mysql.php) [function.main]: failed to create stream: No such file or directory in /catalog/admin/includes/functions/administrators.php on line 72
Warning: main() [function.main]: Failed opening 'includes/functions/sessions_mysql.php' for inclusion (include_path='.://local/lib/php') in /catalog/admin/includes/functions/administrators.php on line 72
Warning: Cannot modify header information - headers already sent by (output started at /catalog/admin/includes/functions/administrators.php:72) in /catalog/admin/includes/functions/administrators.php on line 87[/QUOTE]
Also, we are not on a shared server; we have a dedicated server.
How do you force cookies?????
We do not have that in the admin panel under configuration. Do we have to change it somewhere in the code?
Our customers are seeing other customers' accounts.
We are facing a serious problem with our live shop. It has now happened 2 times that a new customer was automatically logged in as a registered customer (the two having nothing to do with each other) and then ordered something with the wrong payment and shipping details.
The new customer entered the shop a few minutes after the other person had left the shop. Maybe the latter forgot to log off, but even if he did not log off this should not happen!
Can anyone imagine how this is possible?
Are you, by any chance, on a shared server?

