OC 1.5.6.4
I've noticed this a couple of other times as well, but chose to ignore it, since traffic was low.
The thing is, I visit my site sometimes, and it automatically tends to log me in from a random customer's ID, automatically. And, sometimes, when I am logged in using my own user-ID, it automatically adds products to my cart - which I figure is due to someone else accidently being logged in with my ID automatically.
It is worrying for me since I have seller functionality also built into some of the accounts[these seller accounts can post their products and earn a commission per sale]. If seller accounts start becoming accessible to random people, it is sure to cause more problem than one.
I have no idea why this is happening. Could someone help, please?
I've noticed this a couple of other times as well, but chose to ignore it, since traffic was low.
The thing is, I visit my site sometimes, and it automatically tends to log me in from a random customer's ID, automatically. And, sometimes, when I am logged in using my own user-ID, it automatically adds products to my cart - which I figure is due to someone else accidently being logged in with my ID automatically.
It is worrying for me since I have seller functionality also built into some of the accounts[these seller accounts can post their products and earn a commission per sale]. If seller accounts start becoming accessible to random people, it is sure to cause more problem than one.
I have no idea why this is happening. Could someone help, please?
try checking with your web host on that. Alternatively, it's time to change a web host.
Okay, it keeps getting weirder.
Today a customer(X) placed an order, and I am guessing due to this problem, another customer(Y) recieved an email for the same order. Then Y, emailed me the order mail asking to cancel the order, since he had not done it, and X had placed the same (new)order again with the same address again.
That's not all, look at this -
https://www.diigo.com/item/image/54x03/pcw8
https://www.diigo.com/item/image/54x03/chyu
https://www.diigo.com/item/image/54x03/qv38
In Multiple customer accounts, IPs are shown to be associated with multiple accounts - which is impossible, because all these accounts-holders are geographically separate and I am shipping orders to them.
AFA moving webshosting is concerned, I am not in a position to move to a dedicated server yet, and with the revenues my store generates shared-hosting is the only option as of now.
Today a customer(X) placed an order, and I am guessing due to this problem, another customer(Y) recieved an email for the same order. Then Y, emailed me the order mail asking to cancel the order, since he had not done it, and X had placed the same (new)order again with the same address again.
That's not all, look at this -
https://www.diigo.com/item/image/54x03/pcw8
https://www.diigo.com/item/image/54x03/chyu
https://www.diigo.com/item/image/54x03/qv38
In Multiple customer accounts, IPs are shown to be associated with multiple accounts - which is impossible, because all these accounts-holders are geographically separate and I am shipping orders to them.
AFA moving webshosting is concerned, I am not in a position to move to a dedicated server yet, and with the revenues my store generates shared-hosting is the only option as of now.
you can definitely move to a better shared web hosting. The issue you have is most likely due to session handling issues (which it's rare to hear of such issues)
If you need affordable web hosting for OpenCart, you can PM me. We do provide web hosting services.
If you need affordable web hosting for OpenCart, you can PM me. We do provide web hosting services.
This came up today again and has made things worse since traffic to the site has increased substantially.
Apparently session informatiom(including cart contents) get shared when this happens. It is so persistent today that all I had to do was reload the browser on my computer and I could log in with the account someone else logged in with over 500miles away. I could see their account, cart contents.
I don't know what is causing this.
Can anyone help please. I had to cancel 3 orders today, because of what happened as described in my previous post.
Apparently session informatiom(including cart contents) get shared when this happens. It is so persistent today that all I had to do was reload the browser on my computer and I could log in with the account someone else logged in with over 500miles away. I could see their account, cart contents.
I don't know what is causing this.
Can anyone help please. I had to cancel 3 orders today, because of what happened as described in my previous post.
you may wish to consider a VPS if it is a resource heavy website. Alternatively, it might be one of your extensions causing it when it is not well built.
At this point I think identifying the problem source before changing hosting again would be a priority.
What kind of extension may be causing this? I have about 20-25 modules installed, and since this issue is hard to replicate enabling disabling the extensions one by one may not even work. I mean, it worked fine for 2 months before cropping it's head up again yesterday, and at this point i don't even know what may be causing it.
What kind of extension may be causing this? I have about 20-25 modules installed, and since this issue is hard to replicate enabling disabling the extensions one by one may not even work. I mean, it worked fine for 2 months before cropping it's head up again yesterday, and at this point i don't even know what may be causing it.
Hosting has nothing to do with this problem. Disable page cache if it is enabled in any extension. Apparently if a page cache is enabled, the details of the first user who generates the cache end up getting shared with the second or third user who is at the site at the same time - because they are being served the same cached version of pages the 1st user has visited.
Notice that image cache or theme caching systems(js/css files) does not cause this problem. Only extensions such as NitroCache or any other which create pagecaches for so called performance gains are responsible for this. Default Opencart setup does not cause this.
Posting the most recent access logs from your webserver is the key of success especially when it is harden to reproduce the issue that may occur intermittently.It is very difficult to replicate, and I just seen the bug myself today, since clients have reported it
Is this server related or OpenCart issue?
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
What exactly should I look into? Log file is thousand to hundred thousand lines long.
In addition:
I also encountered similar issue using a different platform. It was a login form by a known VPN service provider, I when I try to login, it auto fills the login form with username/password, so hitting the login button had logged me in to that account.
Similar thing happened to our OpenCart instances, as posted on this thread:
viewtopic.php?f=190&t=187578
In addition:
I also encountered similar issue using a different platform. It was a login form by a known VPN service provider, I when I try to login, it auto fills the login form with username/password, so hitting the login button had logged me in to that account.
Similar thing happened to our OpenCart instances, as posted on this thread:
viewtopic.php?f=190&t=187578
If your log file is that big than there must be a lot of issues on your OpenCart server, and it would be a good idea to work through its entries, to stabilize your system. It might even resolve the session issue.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
I think we did encountered similar issue, regarding the user login and IP address associated with multiple accounts.
My OpenCart is currently running on Apache2 and Nginx in front as a reverse proxy.
Now I noticed that OpenCart detects the server's IP address as the users IP address. So, all of my users was associated to my server's IP address. This issue was caused by NGINX configs, and now I was able to fixed it by with the help of these threads below:
- viewtopic.php?t=38727
- viewtopic.php?t=145307
Could the IP issue be the reason for the similar issue posted on:
viewtopic.php?f=190&t=187578
==========================================
My OpenCart is currently running on Apache2 and Nginx in front as a reverse proxy.
Now I noticed that OpenCart detects the server's IP address as the users IP address. So, all of my users was associated to my server's IP address. This issue was caused by NGINX configs, and now I was able to fixed it by with the help of these threads below:
- viewtopic.php?t=38727
- viewtopic.php?t=145307
Could the IP issue be the reason for the similar issue posted on:
viewtopic.php?f=190&t=187578
==========================================
ASG wrote: ↑Sun Mar 08, 2015 10:16 pmOkay, it keeps getting weirder.
Today a customer(X) placed an order, and I am guessing due to this problem, another customer(Y) recieved an email for the same order. Then Y, emailed me the order mail asking to cancel the order, since he had not done it, and X had placed the same (new)order again with the same address again.
That's not all, look at this -
https://www.diigo.com/item/image/54x03/pcw8
https://www.diigo.com/item/image/54x03/chyu
https://www.diigo.com/item/image/54x03/qv38
In Multiple customer accounts, IPs are shown to be associated with multiple accounts - which is impossible, because all these accounts-holders are geographically separate and I am shipping orders to them.
AFA moving webshosting is concerned, I am not in a position to move to a dedicated server yet, and with the revenues my store generates shared-hosting is the only option as of now.
For an OpenCart system you should always ensure a server affinity which is the ability of a load balancer or router to send a user's request to the same server where their session was initiated. As far as I know OpenCart does not support session-failovers.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
In another cart (osC), I've heard of session-leakage problems due to use of old PHP versions with newer application code (or was it vice-versa? anyway...). You might want to upgrade your PHP to a reasonably current level (5.6 or higher) if you're running on something downlevel. Just check first what your OC version can handle for PHP level.
Who is online
Users browsing this forum: No registered users and 118 guests