reuses user sessions (SSL) ?
When 2 users visit my cart within minutes of each other, the second user sees the profile information of the first user, as if it is retaining the session on the server and offering it up to the next visitor.
If the second user fails to notice and completes their purchase, their confimation email is sent to the first user (whose profile they are logged in under).
I verified that the users are NOT sharing a computer (users were in 2 different cities).
I tried enabling "check SSL session ID " to true, thinking this would force the 2nd user to create a new session, but no joy.
What is going on here? How do I make Zen Cart make a new user session for each visitor?
Should I enable check user agent ? (what is it?)
Force cookies?
Help!
Re: Zen Cart reuses user sessions (SSL)
Have you sent emails with the zenid on it?
Have you sent newsletters with the zenid on it?
Have you posted links to your site with the zenid on it?
Have you an URL to your site that we can test to see what might be wrong? :unsure:
Re: Zen Cart reuses user sessions (SSL)
I'm not sure which id is the zenid. We are posting a link to the cart item on another promotional site:
http://www.charlottesvillederbydames...&products_id=2
Re: Zen Cart reuses user sessions (SSL)
Oh, so I rechecked the referring site, and it does have &zenid=blahblah on the end. That's forcing session reuse?
Re: Zen Cart reuses user sessions (SSL)
As long as the links you post do not include in the URL:
&zenid=xxxxxxxxx
then that should be fine ...
What are your settings in the Configuration ... Sessions ...
Re: Zen Cart reuses user sessions (SSL)
Quote:
Originally Posted by
CDDerby
Oh, so I rechecked the referring site, and it does have &zenid=blahblah on the end. That's forcing session reuse?
Yes, you have posted a link which specifies which session you want the customer to use, which is forcing customers to share the same data.
Ajeh is asking you about your sessions settings. Specifically, you should have "recreate session" enabled so that when customers log in they get a new session. But if customers are already logged into the session you've advertised for everyone to use, then that setting won't make any difference.
In short, you shouldn't include zenid values in URLs you post. Anywhere.
Re: Zen Cart reuses user sessions (SSL)
Thanks. I removed the zenid from all links and went ahead and updated recreate session as well.