
Website security issue, customer can access someone else's account


2 replies to this topic

#1 sahilsaid

  • Community Member
  • 101 posts
  • Real Name:sahil
  • Gender:Male

Posted 09 August 2010, 14:45

Hi,

Please help me with this security issue.

One of my customers emailed me today and said he came to my website today and he didn't even log on, and when he clicked on my account link he was able to access someone else's account already logged on. He could see all their orders and details. This also happened to me once when I went to make a test on my account page, but I thought this might have just happened and thought it won't happen again.

Please help me with this issue and tell me which file needs to be corrected (is it application_top.php).

Thanks for your help.

#2 Top_Speed

  • Community Member
  • 357 posts
  • Real Name:KJ Miller
  • Location:SU-ville (Syracuse)

Posted 09 June 2011, 14:05

Was this ever addressed?? I have the same problem also??

-KJ
define('PROJECTS', 'Something that goes on forever!');

#3 germ

  • Community Member
  • 13,585 posts
  • Real Name:Jim
  • Gender:Male
  • Location:USA (GMT-6)

Posted 09 June 2011, 16:43

Top_Speed, on 09 June 2011, 14:05, said:

Was this ever addressed?? I have the same problem also??

-KJ

In your admin set:

Prevent Spider Sessions True
Recreate Session True

Update your spiders.txt file (link here)



Added in edit:

The site in your profile has links "spidered" with the session ID attached.

That would explain your problem.

Edited by germ, 09 June 2011, 16:50.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Headers already sent" - The definitive help

"Cannot redeclare ..." - How to find/fix it

SSL Implementation Help

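The diagnosis in the last reply (links spidered with the session ID attached) can be checked against the web server's access log. The script below is an added example, not part of the thread or of osCommerce's own code; it assumes Combined Log Format, the default session parameter name `osCsid`, and a short constructed list of crawler tokens standing in for spiders.txt.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

SESSION_PARAM = "osCsid"  # assumption: osCommerce's default session name
# Assumption: a few crawler tokens standing in for the entries of spiders.txt
SPIDER_TOKENS = ("googlebot", "bingbot", "slurp")

# Combined Log Format: ip - - [time] "METHOD url PROTO" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def session_id(url):
    """Return the session ID carried in a URL's query string, or None."""
    values = parse_qs(urlsplit(url).query).get(SESSION_PARAM)
    return values[0] if values else None

def audit(lines):
    """Return (sids given to spiders, {sid: ips} for sids used from several IPs)."""
    ips_by_sid = defaultdict(set)
    spidered = set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        sid = session_id(m["url"]) if m else None
        if sid is None:
            continue  # unparseable line, or request without a session ID in the URL
        ips_by_sid[sid].add(m["ip"])
        if any(tok in m["ua"].lower() for tok in SPIDER_TOKENS):
            spidered.add(sid)  # a crawler was issued a session: its links get indexed
    shared = {sid: sorted(ips) for sid, ips in ips_by_sid.items() if len(ips) > 1}
    return spidered, shared

# Constructed sample log lines (documentation IP ranges, made-up session IDs)
SAMPLE_LOG = """\
192.0.2.10 - - [09/Jun/2011:14:00:01 -0500] "GET /product_info.php?products_id=5&osCsid=aaa111 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [09/Jun/2011:14:02:10 -0500] "GET /account.php?osCsid=bbb222 HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0"
203.0.113.55 - - [09/Jun/2011:14:03:30 -0500] "GET /product_info.php?products_id=5&osCsid=bbb222 HTTP/1.1" 200 5120 "http://www.google.com/search?q=widget" "Mozilla/5.0 (Windows NT 5.1) MSIE 8.0"
203.0.113.55 - - [09/Jun/2011:14:03:45 -0500] "GET /account.php?osCsid=bbb222 HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 5.1) MSIE 8.0"
198.51.100.9 - - [09/Jun/2011:14:05:00 -0500] "GET /index.php?osCsid=ccc333 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Macintosh) Safari/533"
""".splitlines()

if __name__ == "__main__":
    spidered, shared = audit(SAMPLE_LOG)
    print("session IDs handed to spiders:", sorted(spidered))
    print("session IDs used from several IPs:", shared)
```

A session ID seen from several addresses is not proof by itself, since one client can change IP address; treat the output as a list of sessions to review.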