Results 1 to 8 of 8
  1. #1
    Join Date
    Oct 2005
    Posts
    277
    Plugin Contributions
    0

    red flag Customer logged into someone else's account !

    Zencart v1.5.5f
    PHP Version: 7.0.33

    One of our customers logged in however he got access to someone else's account.
    We are not able to replicate this scenario , we only got 2 complaints so far in the last 3 months.
    What are our options to figure out things to rectify ?

  2. #2
    Join Date
    Nov 2007
    Location
    Woodbine, Georgia, United States
    Posts
    3,577
    Plugin Contributions
    52

    Default Re: Customer logged into someone else's account !

    Under Configuration >> Sessions, what are your settings?

    Don't include the Session Directory, but make certain it's correct

    ~Melanie
    PRO-Webs, Inc. :: Recent Zen Cart Projects :: Zen Cart SEO 12 Steps to Success
    **I answer questions in the forum, private messages are NOT answered. You are welcome to contact us via our website for professional engagements.

  3. #3
    Join Date
    Jul 2012
    Posts
    13,631
    Plugin Contributions
    16

    Default Re: Customer logged into someone else's account !

    Also, as you navigate your site, does the web address always have zenid=xxxx at the end of the address on every page or just at the first click?

    If it is every page, what php version are you using?
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...
    Upgraded to Zen Cart V1.5.3 from V1.5.1 from V1.5.0 from V1.3.9h

  4. #4
    Join Date
    Oct 2005
    Posts
    277
    Plugin Contributions
    0

    Default Re: Customer logged into someone else's account !

    Session Directory /xyz
    Cookie Domain True Info
    Force Cookie Use False
    Check SSL Session ID False
    Check User Agent False
    Check IP Address False
    Prevent Spider Sessions True
    Recreate Session True
    IP to Host Conversion Status true
    Keep Vistors Cart True
    Days Before Cart Expires 30
    Keep Cart Secret Key xyz
    Use root path for cookie path False
    Add period prefix to cookie domain True

    ==================

    I do not see zenid=xxxx always, only one off times while I navigate the website.

  5. #5
    Join Date
    Nov 2007
    Location
    Woodbine, Georgia, United States
    Posts
    3,577
    Plugin Contributions
    52

    Default Re: Customer logged into someone else's account !

    Some thoughts, the Keep Cart was not written for Zen Cart 1.5.5 and bumping your PHP to 7.1. From the perspective here on the forum this is difficult to try and troubleshoot.

    It's a pretty concerning situation. If you don't find an issue troubleshooting, then next time someone complains to you about it.... try to get as much information as possible. Such as:

    - browser & version
    - operating system
    - what page they logged in from if more than one login form exists

    ~Melanie
    PRO-Webs, Inc. :: Recent Zen Cart Projects :: Zen Cart SEO 12 Steps to Success
    **I answer questions in the forum, private messages are NOT answered. You are welcome to contact us via our website for professional engagements.

  6. #6
    Join Date
    Oct 2005
    Posts
    277
    Plugin Contributions
    0

    Default Re: Customer logged into someone else's account !

    The "Keep Cart" is not causing the issue cause we use this on our other websites too which have higher version of Zencart and Php and all works well.

    Nothing shows on the logs too, the only thing we can guess is probably we must be working on the website at that moment.

    Still not able to reproduce this issue, anything I can lookout to know the reasons ?

  7. #7
    Join Date
    Jul 2012
    Posts
    13,631
    Plugin Contributions
    16

    Default Re: Customer logged into someone else's account !

    If a link has been shared that has the zenid on it, then all accessing that link will "share" what they have. If they happened to first arrive at the site and put something in the cart, then everyone that arrived with that zenid will see the new addition as they navigate. If one of them then logs in, then they will all basically be logged in...

    Would add to mprough's list: how did the person get to the site? E.g. Email link from a newsletter or other correspondence from the store, web search result, some other website's posting, bookmark?
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...
    Upgraded to Zen Cart V1.5.3 from V1.5.1 from V1.5.0 from V1.3.9h

  8. #8
    Join Date
    Oct 2005
    Posts
    277
    Plugin Contributions
    0

    red flag Re: Customer logged into someone else's account !

    Can the below "RCS" email cause any issues, I do not see zenid but do see some string after the urls i.e "de6e4f9331e52e67e9e8291089a15d84"

    https://www.mydomain.com/categorypat...e8291089a15d84

    Also I have reduced session.gc_maxlifetime from 36000 to 7200

    Thanks

 

 

Similar Threads

  1. v151 Do products in someone's shopping cart preclude someone else from ordering them?
    By rayo in forum Setting Up Categories, Products, Attributes
    Replies: 8
    Last Post: 29 Nov 2014, 04:48 PM
  2. PayPal customer note not logged into ZenCart database
    By lat9 in forum PayPal Express Checkout support
    Replies: 2
    Last Post: 19 Oct 2010, 02:54 AM
  3. Replies: 4
    Last Post: 18 Nov 2006, 05:51 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR