Is there ANY way to fix the zenid problems ONCE AND FOR ALL?

[ChristinaB]

I am getting quite frustrated with the zen-id issue that allows one customer unknowingly to log in as another customer. We have problems every so often with this in our store, and today especially had a problem, where one customer received about 10 order confirmations that she did not ORDER!

I've done a search on this and seen SO many other sites have had this problem. Usually they are told not to post a link with the "zen-id" in it. This is fine & dandy, but how in the world do you inform everyone who visits your store that they have to be extremely careful in posting links to your store anywhere? We have lots of customers who like our stuff, then post at other places about it, and may include a zen-id without even knowing about the problem.

Is there some sort of fix for this that will take care of the problem once and forever? Some add-on we can add that automatically deletes a 'zen-id' part of a link when it comes through?

Does the newest version of zen-cart still have this problem (we have the version just before this recent change)?

Please help.

[Reesy]

go to the code suggestion forum and find a post by Jeff D about DWNOs mod that will solve this.

Please consider the code in that post to be very BETA and it wont work if your using a shared SSL.

[deadeye]

1.3.0.2 still has this issue. You can turn on 'recreate session id' in Admin->Config->Sessions

It'll take care of the case where the zenid is copied before a customer logs in.

The only exception to your problem is if the user copies the URL with the zenid after logging in and posts it somewhere. Until someone logs out using that session id or it times out...every connection using that zenid will be able to see that original users address, order history, etc.