Customer Logs in and sees another customers account

**romanus** · 27 Sep 2007, 06:28 PM

I had a weird problem that I can't seem to track down. A customer logged into their account and saw another customer's information. Has anyone else ever had this problem? Could this be a session problem?

This is a 1.2.6 install with wholesale/dual pricing installed.

**DrByte** · 27 Sep 2007, 10:11 PM

Yes - it's likely a session problem .... but more specifically it's an advertising problem.
If the customer is coming to your site via a link that contains a zenid parameter, then *everyone* who comes to that link will share their information.

The key is to *NOT* post links that contain the zenid parameter. This means emails, advertising, everything.

In the newer versions of Zen Cart there have been some improvements to the Session Recreate logic which will dump the existing zenid during login and build a new one. You could try flipping that switch on in your current version, but I have no idea if it will help much or not. I suggest upgrading either way.
Admin->Configuration->Sessions->"Session Recreate" --- set to True.
Don't touch anything else in there.

**romanus** · 28 Sep 2007, 12:34 PM

Thanks,

I will make sure that we don't send out any links containing the session id.

An upgrade is in progress, but it takes a while to get through everything and test it