marleyman

Thousands of items in customer's shopping cart


Hi, We are very baffled about this issue that our customers keep emailing us about:

Customers that haven't logged into their online account for a while, log in and there are thousands of items in their shopping cart!

We cannot figure out how this keeps happening. Can anyone help shed some light on this strange behavior?

We're running osCommerce Online Merchant v2.3.4

Thank you!


That could be a problem with session hijacking, where sessions aren't really working properly and you get multiple people (and in this case probably spiders too) sharing the same session id.

Make sure sessions are set to mysql, spider sessions false, and if your database has been brought forward from a previous version, check that the session id field is long enough (128 chars).

Also check that when you navigate around the site there isn't a session id showing at the end of the URL.

Edited by BrockleyJohn

For a new install or if your store isn't mobile-friendly, get the community-supported responsive osCommerce (2.3.4.1 CE) here: https://github.com/gburton/Responsive-osCommerce/archive/2341-Frozen.zip

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x
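
The symptom described in the post above, one session ID shared by several visitors and spiders, can be looked for in the web server's access log. The following is an added example, not part of the original thread or of osCommerce: it assumes Combined Log Format and the session ID travelling in the URL as the `osCsid` parameter (osCommerce's default session name); the log lines, session IDs and the spider pattern are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - - [time] "METHOD url PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Rough user-agent heuristic for crawlers (an assumption, not osCommerce's spider list).
SPIDER_RE = re.compile(r"bot|crawl|spider|slurp", re.I)

# Constructed sample lines: documentation IP ranges and made-up session IDs.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Mar/2019:10:00:01 +0000] "GET /product_info.php?products_id=12&osCsid=aaa111 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; ExampleBot/1.0)"
203.0.113.20 - - [01/Mar/2019:10:05:12 +0000] "GET /shopping_cart.php?osCsid=aaa111 HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/65.0"
203.0.113.55 - - [01/Mar/2019:10:06:40 +0000] "POST /index.php?action=buy_now&products_id=3&osCsid=aaa111 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Macintosh) Safari/605.1"
192.0.2.9 - - [01/Mar/2019:10:07:00 +0000] "GET /index.php?osCsid=bbb222 HTTP/1.1" 200 3000 "-" "Mozilla/5.0 (X11; Linux) Chrome/72.0"
192.0.2.9 - - [01/Mar/2019:10:07:30 +0000] "GET /index.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0 (X11; Linux) Chrome/72.0"
"""

def shared_sessions(log_text, param="osCsid"):
    """Return {session_id: {"clients": n, "spider": bool}} for IDs used by more than one client."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # A session ID in the query string means it is being passed in links.
        for sid in parse_qs(urlsplit(m["url"]).query).get(param, []):
            seen[sid].add((m["ip"], m["ua"]))
    report = {}
    for sid, clients in seen.items():
        if len(clients) > 1:  # same ID from different IP/user-agent pairs
            report[sid] = {
                "clients": len(clients),
                "spider": any(SPIDER_RE.search(ua) for _, ua in clients),
            }
    return report

if __name__ == "__main__":
    for sid, info in shared_sessions(SAMPLE_LOG).items():
        print(f"{sid}: {info['clients']} distinct clients, spider involved: {info['spider']}")
```

A session ID that appears here from several clients, one of them a crawler, points at links carrying the ID being indexed and then followed by other visitors, which is the sharing the post describes.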

4 minutes ago, BrockleyJohn said:

That could be a problem with session hijacking, where sessions aren't really working properly and you get multiple people (and in this case probably spiders too) sharing the same session id.

Make sure sessions are set to mysql, spider sessions false, and if your database has been brought forward from a previous version, check that the session id field is long enough (128 chars).

Also check that when you navigate around the site there isn't a session id showing at the end of the URL.

Thank you for your reply Brockley John! These are our sessions settings. Can you tell me how I would set our sessions to "mysql"?

Session Directory     /home/greenmo/public_html/testshop/includes/work/     
Force Cookie Use     False
Check SSL Session ID     False
Check User Agent     False
Check IP Address     False
Prevent Spider Sessions     True
Recreate Session     True


It's in includes/configure.php:

  define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 


2 hours ago, marleyman said:

 /home/greenmo/public_html/testshop/includes/work/

I'm not sure that switching to file-based sessions, which is what John suggested, will help but, if you do, are you sure the above is correct?

3 minutes ago, Jack_mcs said:

I'm not sure that switching to file-based sessions, which is what John suggested, will help but, if you do, are you sure the above is correct?

I just created a new directory and changed that setting to: /home/greenmo/public_html/sessions

But all of the settings that he told me to check were already set the way he told me to set them, so this is still a mystery to us. We cannot figure out why some customers log into their account on our site and they have thousands of items in their cart? It makes no sense.

35 minutes ago, marleyman said:

/home/greenmo/public_html/sessions

I suggest changing the above to

/home/greenmo/public_html/includes/sessions/

That won't fix the problem you are having but is more secure.

For the problem, I misunderstood John's last post. He wasn't saying to switch to disk, just showing where it was. The first thing I would try is to clear the sessions table. I've never seen this happen before but that is a likely cause of the problem.

Also, it could be that your site has hacker code in it. If you create a new account, log out and log back in, is your cart populated? Are the items in the customers' carts the same for all customers (install the Master Password addon to check this)? Are the items to products on your site or do they link elsewhere?

9 minutes ago, Jack_mcs said:

I suggest changing the above to


/home/greenmo/public_html/includes/sessions/

That won't fix the problem you are having but is more secure.

For the problem, I misunderstood John's last post. He wasn't saying to switch to disk, just showing where it was. The first thing I would try is to clear the sessions table. I've never seen this happen before but that is a likely cause of the problem.

Also, it could be that your site has hacker code in it. If you create a new account, log out and log back in, is your cart populated? Are the items in the customers' carts the same for all customers (install the Master Password addon to check this)? Are the items to products on your site or do they link elsewhere?

I moved the sessions directory as you suggested - thanks for that.

I just want to make sure before I do this - I'm inside the database in the Table: sessions, and I can see the attached screen shot. Are you saying I should delete these?

If you create a new account, log out and log back in, is your cart populated? No

Are the items in the customers' carts the same for all customers? No, I don't believe so, but I can't be positive about this.

Are the items to products on your site or do they link elsewhere? They're on our website.

screen.jpg

38 minutes ago, marleyman said:

I just want to make sure before I do this - I'm inside the database in the Table: sessions, and I can see the attached screen shot. Are you saying I should delete these?

Yes, but that is the more difficult way since there may be many pages.  On the page where all of the tables are listed, click on the Empty link for that table to clear it all at once (see attached).

sessions.jpg
