DawnG Posted December 3, 2009 Share Posted December 3, 2009 On my site www.pagan-magic.co.uk the session ID doesn't disappear - I can't figure out why it's doing it. My Settings are as follows: Session Directory /tmp Force Cookie Use False Check SSL Session ID False Check User Agent False Check IP Address False Prevent Spider Sessions True Recreate Session True I've been told by a customer that they were able to log into someone else's account - obviously this is very concerning. Please could someone help me ASAP. Link to comment Share on other sites More sharing options...
spooks Posted December 3, 2009 Share Posted December 3, 2009 On my site www.pagan-magic.co.uk the session ID doesn't disappear - I can't figure out why it's doing it. My Settings are as follows: I've been told by a customer that they were able to log into someone else's account - obviously this is very concerning. Please could someone help me ASAP. Possibly invalid links in site or to site causing lost/duplicate session creating your issue http://www.oscommerce.com/forums/index.php?showtopic=330479&hl also look at the mod for recreate session linked in that Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
DawnG Posted December 3, 2009 Author Share Posted December 3, 2009 It's seems to be in-site - when you browse the pages on most OSC sites the sid disappears after a few clicks, on mine it doesn't. Is it likely that I have settings incorrect in a php file? Link to comment Share on other sites More sharing options...
DawnG Posted December 3, 2009 Author Share Posted December 3, 2009 Thanks Sam, I had my configure settings incorrect. Link to comment Share on other sites More sharing options...
spooks Posted December 3, 2009 Share Posted December 3, 2009 It's seems to be in-site - when you browse the pages on most OSC sites the sid disappears after a few clicks, on mine it doesn't. Is it likely that I have settings incorrect in a php file? That would'nt spesifically cause this issue, except that anyone copying the url to link to your site would create one of the issues that i mentioned, as I said look at the recreate session topic. Some versions of MS2 seem to retain the sid, upgrade to rc2a, you'll have to soon anyway Upgrading osC from 2.2 MS2 to 2.2 RC2a http://addons.oscommerce.com/info/6654 Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.