Post by ASG » Fri Feb 20, 2015 4:59 am

OC 1.5.6.4

I've noticed this a couple of other times as well, but chose to ignore it, since traffic was low.

The thing is, I visit my site sometimes, and it automatically tends to log me in from a random customer's ID, automatically. And, sometimes, when I am logged in using my own user-ID, it automatically adds products to my cart - which I figure is due to someone else accidently being logged in with my ID automatically.

It is worrying for me since I have seller functionality also built into some of the accounts[these seller accounts can post their products and earn a commission per sale]. If seller accounts start becoming accessible to random people, it is sure to cause more problem than one.

I have no idea why this is happening. Could someone help, please?

ASG
Active Member

Posts

Joined
Tue Sep 30, 2014 11:03 pm

Post by MarketInSG » Sat Feb 21, 2015 6:27 pm

try checking with your web host on that. Alternatively, it's time to change a web host.


User avatar
Guru Member

Posts

Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore

Post by ASG » Sun Mar 08, 2015 10:16 pm

Okay, it keeps getting weirder.

Today a customer(X) placed an order, and I am guessing due to this problem, another customer(Y) recieved an email for the same order. Then Y, emailed me the order mail asking to cancel the order, since he had not done it, and X had placed the same (new)order again with the same address again.

That's not all, look at this -

https://www.diigo.com/item/image/54x03/pcw8
https://www.diigo.com/item/image/54x03/chyu
https://www.diigo.com/item/image/54x03/qv38

In Multiple customer accounts, IPs are shown to be associated with multiple accounts - which is impossible, because all these accounts-holders are geographically separate and I am shipping orders to them.

AFA moving webshosting is concerned, I am not in a position to move to a dedicated server yet, and with the revenues my store generates shared-hosting is the only option as of now.

ASG
Active Member

Posts

Joined
Tue Sep 30, 2014 11:03 pm

Post by MarketInSG » Mon Mar 09, 2015 3:53 pm

you can definitely move to a better shared web hosting. The issue you have is most likely due to session handling issues (which it's rare to hear of such issues)

If you need affordable web hosting for OpenCart, you can PM me. We do provide web hosting services.


User avatar
Guru Member

Posts

Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore

Post by ASG » Sat Jun 20, 2015 9:01 pm

This came up today again and has made things worse since traffic to the site has increased substantially.

Apparently session informatiom(including cart contents) get shared when this happens. It is so persistent today that all I had to do was reload the browser on my computer and I could log in with the account someone else logged in with over 500miles away. I could see their account, cart contents.

I don't know what is causing this.

Can anyone help please. I had to cancel 3 orders today, because of what happened as described in my previous post.

ASG
Active Member

Posts

Joined
Tue Sep 30, 2014 11:03 pm

Post by MarketInSG » Sun Jun 21, 2015 8:50 am

you may wish to consider a VPS if it is a resource heavy website. Alternatively, it might be one of your extensions causing it when it is not well built.


User avatar
Guru Member

Posts

Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore

Post by ASG » Sun Jun 21, 2015 1:54 pm

At this point I think identifying the problem source before changing hosting again would be a priority.

What kind of extension may be causing this? I have about 20-25 modules installed, and since this issue is hard to replicate enabling disabling the extensions one by one may not even work. I mean, it worked fine for 2 months before cropping it's head up again yesterday, and at this point i don't even know what may be causing it.

ASG
Active Member

Posts

Joined
Tue Sep 30, 2014 11:03 pm

Post by badboy39 » Thu Mar 16, 2017 5:55 pm

Did someone face this issue in a dedicated host? Opencart 2.1

Newbie

Posts

Joined
Tue Jul 12, 2016 7:43 pm

Post by ASG » Tue Mar 21, 2017 1:27 am

badboy39 wrote:
Thu Mar 16, 2017 5:55 pm
Did someone face this issue in a dedicated host? Opencart 2.1
Hosting has nothing to do with this problem. Disable page cache if it is enabled in any extension. Apparently if a page cache is enabled, the details of the first user who generates the cache end up getting shared with the second or third user who is at the site at the same time - because they are being served the same cached version of pages the 1st user has visited.

Notice that image cache or theme caching systems(js/css files) does not cause this problem. Only extensions such as NitroCache or any other which create pagecaches for so called performance gains are responsible for this. Default Opencart setup does not cause this.

ASG
Active Member

Posts

Joined
Tue Sep 30, 2014 11:03 pm

Post by iplocker » Wed Sep 06, 2017 11:02 pm

Hello.
I have the same issue running 2.3.0.2, do you have resolve the issue ?
Thanks

Active Member

Posts

Joined
Sun May 26, 2013 6:39 pm


Post by cosmicx » Sat Dec 16, 2017 9:48 pm

I have this exact same issue on a VPS running VestaCP Control Panel.

It is very difficult to replicate, and I just seen the bug myself today, since clients have reported it

Is this server related or OpenCart issue?

Active Member

Posts

Joined
Mon Jan 09, 2012 6:27 pm

Post by straightlight » Sat Dec 16, 2017 11:11 pm

It is very difficult to replicate, and I just seen the bug myself today, since clients have reported it

Is this server related or OpenCart issue?
Posting the most recent access logs from your webserver is the key of success especially when it is harden to reproduce the issue that may occur intermittently.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by cosmicx » Sun Dec 17, 2017 2:51 am

What exactly should I look into? Log file is thousand to hundred thousand lines long.

In addition:

I also encountered similar issue using a different platform. It was a login form by a known VPN service provider, I when I try to login, it auto fills the login form with username/password, so hitting the login button had logged me in to that account.

Similar thing happened to our OpenCart instances, as posted on this thread:
viewtopic.php?f=190&t=187578

Active Member

Posts

Joined
Mon Jan 09, 2012 6:27 pm

Post by JNeuhoff » Sun Dec 17, 2017 10:28 pm

cosmicx wrote:
Sun Dec 17, 2017 2:51 am
What exactly should I look into? Log file is thousand to hundred thousand lines long.
If your log file is that big than there must be a lot of issues on your OpenCart server, and it would be a good idea to work through its entries, to stabilize your system. It might even resolve the session issue.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


User avatar
Guru Member
Online

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by cosmicx » Tue Dec 19, 2017 12:50 am

I think we did encountered similar issue, regarding the user login and IP address associated with multiple accounts.

My OpenCart is currently running on Apache2 and Nginx in front as a reverse proxy.

Now I noticed that OpenCart detects the server's IP address as the users IP address. So, all of my users was associated to my server's IP address. This issue was caused by NGINX configs, and now I was able to fixed it by with the help of these threads below:
- viewtopic.php?t=38727
- viewtopic.php?t=145307

Could the IP issue be the reason for the similar issue posted on:
viewtopic.php?f=190&t=187578

==========================================
ASG wrote:
Sun Mar 08, 2015 10:16 pm
Okay, it keeps getting weirder.

Today a customer(X) placed an order, and I am guessing due to this problem, another customer(Y) recieved an email for the same order. Then Y, emailed me the order mail asking to cancel the order, since he had not done it, and X had placed the same (new)order again with the same address again.

That's not all, look at this -

https://www.diigo.com/item/image/54x03/pcw8
https://www.diigo.com/item/image/54x03/chyu
https://www.diigo.com/item/image/54x03/qv38

In Multiple customer accounts, IPs are shown to be associated with multiple accounts - which is impossible, because all these accounts-holders are geographically separate and I am shipping orders to them.

AFA moving webshosting is concerned, I am not in a position to move to a dedicated server yet, and with the revenues my store generates shared-hosting is the only option as of now.

Active Member

Posts

Joined
Mon Jan 09, 2012 6:27 pm

Post by JNeuhoff » Tue Dec 19, 2017 7:01 pm

For an OpenCart system you should always ensure a server affinity which is the ability of a load balancer or router to send a user's request to the same server where their session was initiated. As far as I know OpenCart does not support session-failovers.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


User avatar
Guru Member
Online

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by MrPhil » Tue Dec 19, 2017 11:21 pm

In another cart (osC), I've heard of session-leakage problems due to use of old PHP versions with newer application code (or was it vice-versa? anyway...). You might want to upgrade your PHP to a reasonably current level (5.6 or higher) if you're running on something downlevel. Just check first what your OC version can handle for PHP level.

User avatar
Active Member

Posts

Joined
Wed May 10, 2017 11:52 pm
Who is online

Users browsing this forum: No registered users and 118 guests