Results 1 to 7 of 7
  1. #1
    Join Date
    May 2012
    Posts
    4
    Plugin Contributions
    0

    Default reuses user sessions (SSL) ?

    When 2 users visit my cart within minutes of each other, the second user sees the profile information of the first user, as if it is retaining the session on the server and offering it up to the next visitor.
    If the second user fails to notice and completes their purchase, their confimation email is sent to the first user (whose profile they are logged in under).
    I verified that the users are NOT sharing a computer (users were in 2 different cities).
    I tried enabling "check SSL session ID " to true, thinking this would force the 2nd user to create a new session, but no joy.

    What is going on here? How do I make Zen Cart make a new user session for each visitor?
    Should I enable check user agent ? (what is it?)
    Force cookies?

    Help!

  2. #2
    Join Date
    Sep 2003
    Location
    Ohio
    Posts
    67,426
    Plugin Contributions
    6

    Default Re: Zen Cart reuses user sessions (SSL)

    Have you sent emails with the zenid on it?

    Have you sent newsletters with the zenid on it?

    Have you posted links to your site with the zenid on it?

    Have you an URL to your site that we can test to see what might be wrong?
    Linda McGrath
    If you have to think ... you haven't been zenned ...

    Did YOU buy the Zen Cart Team a cup of coffee and a donut today? Just click here to support the Zen Cart Team!!

    Are you using the latest? Perhaps you've a problem that's fixed in the latest version: [Upgrade today: v1.5.3]
    Officially PayPal-Certified! Just click here

    Try our Zen Cart Recommended Services - Hosting, Payment and more ...

  3. #3
    Join Date
    May 2012
    Posts
    4
    Plugin Contributions
    0

    Default Re: Zen Cart reuses user sessions (SSL)

    I'm not sure which id is the zenid. We are posting a link to the cart item on another promotional site:

    http://www.charlottesvillederbydames...&products_id=2

  4. #4
    Join Date
    May 2012
    Posts
    4
    Plugin Contributions
    0

    Default Re: Zen Cart reuses user sessions (SSL)

    Oh, so I rechecked the referring site, and it does have &zenid=blahblah on the end. That's forcing session reuse?

  5. #5
    Join Date
    Sep 2003
    Location
    Ohio
    Posts
    67,426
    Plugin Contributions
    6

    Default Re: Zen Cart reuses user sessions (SSL)

    As long as the links you post do not include in the URL:
    &zenid=xxxxxxxxx

    then that should be fine ...

    What are your settings in the Configuration ... Sessions ...
    Linda McGrath
    If you have to think ... you haven't been zenned ...

    Did YOU buy the Zen Cart Team a cup of coffee and a donut today? Just click here to support the Zen Cart Team!!

    Are you using the latest? Perhaps you've a problem that's fixed in the latest version: [Upgrade today: v1.5.3]
    Officially PayPal-Certified! Just click here

    Try our Zen Cart Recommended Services - Hosting, Payment and more ...

  6. #6
    Join Date
    Jan 2004
    Posts
    60,330
    Blog Entries
    4
    Plugin Contributions
    144

    Default Re: Zen Cart reuses user sessions (SSL)

    Quote Originally Posted by CDDerby View Post
    Oh, so I rechecked the referring site, and it does have &zenid=blahblah on the end. That's forcing session reuse?
    Yes, you have posted a link which specifies which session you want the customer to use, which is forcing customers to share the same data.

    Ajeh is asking you about your sessions settings. Specifically, you should have "recreate session" enabled so that when customers log in they get a new session. But if customers are already logged into the session you've advertised for everyone to use, then that setting won't make any difference.

    In short, you shouldn't include zenid values in URLs you post. Anywhere.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donations always welcome: www.zen-cart.com/donate

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.



  7. #7
    Join Date
    May 2012
    Posts
    4
    Plugin Contributions
    0

    Default Re: Zen Cart reuses user sessions (SSL)

    Thanks. I removed the zenid from all links and went ahead and updated recreate session as well.

 

 

Similar Threads

  1. Replies: 3
    Last Post: 15 Feb 2012, 11:28 AM
  2. user gets kicked off between ssl and non ssl
    By keneso in forum General Questions
    Replies: 9
    Last Post: 10 Aug 2011, 12:36 AM
  3. SSL-Sessions-Logins
    By droptest in forum General Questions
    Replies: 2
    Last Post: 18 Apr 2008, 12:05 AM
  4. User Tracking Mod issue: repeated Logins: Admin: View Sessions
    By dharma in forum All Other Contributions/Addons
    Replies: 8
    Last Post: 20 Feb 2008, 04:48 AM
  5. sessions.php error in SSL directory
    By nathmeister in forum Installing on a Linux/Unix Server
    Replies: 13
    Last Post: 12 May 2007, 02:22 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •