Jump to content

 

baba-studio

Member Since 22 Jan 2008
Offline Last Active Mar 10 2010 12:02 PM
-----

Topics I've Started

Security problem - users seeing each other's carts and profiles

22 November 2009 - 03:19 PM

On Friday evening I was asked by a buyer to change her cart. So I logged in and did "act on behalf of" then logged out and carried on.

However, since then, it seems if there are two or more users on the site at once they are seeing each other's carts and profiles. I've been fairly much bombarded with emails from customers about this. I've checked it myself and it's true - when I log on I can see all the details of one of the other users - as though I was "acting on behalf of", though I'm not!

I've tried logging myself out completely, and various other simple ways of perhaps fixing the problem - nothing has helped.

It's disastrous at this time of the year to scare customers away and especially so as I'd just sent out a newsletter - which always results in a lot of visits to the shop. We were upgraded by CS-Cart to V2 a couple of months ago so I assume this is a V2 bug. I think we're on 2.06 (need to check).

Has anyone else had this problem and please is there any fix I can put in myself for now? I don't think support are working today.

Many thanks,

Karen

baba-store.com (as you can see, we have had to close the cart).