Multiple customers using same session id! Need Help

[heavenlynights]

Hi all

Wondering if someone could help decipher this problem that I have just encountered

Paypal have been testing my store as requested by myself due to problems with receiving IPN notifications back to my admin.

While testing the store, they created an account and proceeded to place an item in the shopping cart and then proceeded to checkout upto step 3 (order confirmation) (NO PROBLEM YET TILL I LOOK IN USER TRACKING)

When I checked user tracking, I discovered that the tech guy from Paypal somehow during account creation managed to place items in cart under another customers session id even after that customer had logged off from their session.

So instead of the tech guy whom I will refer to as Mr X showing up as Mr X as being logged in it was as though my customer whom I will refer to as Ms Y continued to shop under her name. Tracking shows that this session has been open for over 57 hours.

Come to think it, Of late I have noticed quite a few sessions for guests running into the hundreds of hours without closing. I would say that these sessions contain tracking for possibly several guests. I AM SURE THAT THS IS A PROBLEM

In regard to Bots/spiders there sessions can run into something like 2000 + hours. I am not sure if this is normal.

Below is my configuration for sessions

Title Value Action
Session Directory /home/heavenly/public_html/catalogue/cache
Cookie Domain True
Force Cookie Use False
Check SSL Session ID False
Check User Agent False
Check IP Address False
Prevent Spider Sessions True
Recreate Session False
IP to Host Conversion Status true

Please note that I take particular care NOT to leave any session id's in the link url when creating links

Any help would be really appreciated!!

[Kim]

What version are you using?

[heavenlynights]

Thanks for your response Kim

Live site is running 1.3.02 but I am in the process of upgrading to 1.3.5., fine tuning it at the moment.


Issue happened in my live site (1.3.02)

[Kim]

Try turning on the recreate sessions.

[heavenlynights]

Thanks kim.

Done as you suggested.

Is there anyway that I can ensure that this was effective, or do i need to wait a while to see if it happens again?

[Kim]

Keep an eye on it for the moment and test your login and checkout to make sure things are functioning properly.

[heavenlynights]

Thanks Kim

Shall do!!