I'm having an issue on my site where some customers are being automatically logged into a different user's account as soon as they enter the site.
This has happened twice now, and orders were placed both times to accounts that weren't even theirs.
I recently upgraded my site from 2 to 3.0.3.2. Any help would be greatly appreciated!
Are you using any theme, extensions or modifications that could affect sessions or caching? Are you using any form of site caching? Is your site a very busy site with a bloated session table in the database?
And how did you do that?MJimprints wrote: ↑Tue Sep 29, 2020 4:58 amI recently upgraded my site from 2 to 3.0.3.2. Any help would be greatly appreciated!
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
Thank you. I upgraded the site w/a new install and then copied all the necessary db tables from my old site.
Default theme. Don’t know of any extensions that would affect sessions or caching. I’m using GoDaddy w/website security & firewall which has minimal caching.
I can’t duplicate the problem myself, but I’ve had multiple customers call in about it.
Trying to figure out if it’s a problem w/my install or my hosting.
Default theme. Don’t know of any extensions that would affect sessions or caching. I’m using GoDaddy w/website security & firewall which has minimal caching.
I can’t duplicate the problem myself, but I’ve had multiple customers call in about it.
Trying to figure out if it’s a problem w/my install or my hosting.
The only way a user can get signed in as another is when he/she gets the same session id.
That can only happen when:
1) you issue the same session id to multiple users which is doubtful.
2) a hacker is accessing your site with a random session cookie hoping he is very lucky that that id is still around (but he would not complain).
3) these users are issued a session id which still lingers in your session table or session directory (depending on where you store your session data).
The chance of that happening is very small but increases when you do not clear that store regularly and it fills up fast.
Hence ADD Creative's question about a bloated session table/directory.
The only way to prevent that is to check if a generated session id already exists in the table/directory before issueing it but regularly performing session garbage collection should suffice.
That can only happen when:
1) you issue the same session id to multiple users which is doubtful.
2) a hacker is accessing your site with a random session cookie hoping he is very lucky that that id is still around (but he would not complain).
3) these users are issued a session id which still lingers in your session table or session directory (depending on where you store your session data).
The chance of that happening is very small but increases when you do not clear that store regularly and it fills up fast.
Hence ADD Creative's question about a bloated session table/directory.
The only way to prevent that is to check if a generated session id already exists in the table/directory before issueing it but regularly performing session garbage collection should suffice.
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
How do you know if you cannot reproduce it?Tried clearing all my caches & repairing database, but still not fixed.
check the amount of records in your session table if you store them there.
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
Ok, my session table (oc_session) is pretty large. Can I empty it? Sorry, not very familiar with this.
"pretty large" is a qualification not a quantification, how many records?
You can delete them but better to put your site in maintenance mode first as active users would lose their session content (being signed out, preferences like language and currency reset, carts emptied etc.), no big deal but an inconvenience.
you can sort them on expire and leave the latest in there as they are the most likely active.
There have been issues with session garbage collection when storing the sessions in the database but I believe someone had a fix for that.
I store mine in files as is the normal way of doing it.
You can delete them but better to put your site in maintenance mode first as active users would lose their session content (being signed out, preferences like language and currency reset, carts emptied etc.), no big deal but an inconvenience.
you can sort them on expire and leave the latest in there as they are the most likely active.
There have been issues with session garbage collection when storing the sessions in the database but I believe someone had a fix for that.
I store mine in files as is the normal way of doing it.
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
Thanks for your help. Table has 72,000 records now.
I'll put into maintenance mode for now & clear it.
How can I store them in a file instead of db?
I'll put into maintenance mode for now & clear it.
How can I store them in a file instead of db?
that is indeed a lot.
As said, I put them in files via:
in your system/config/default and catalog files instead of
you set
then in you normal config.php files (catalog and admin) you define your DIR_SESSION to where you want to store them (outside of root, I put them on a ram disk)
As said, I put them in files via:
in your system/config/default and catalog files instead of
Code: Select all
$_['session_engine'] = 'db';Code: Select all
$_['session_engine'] = 'file';Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
Sorry, one more question. It's all set to save to a file now. Will I need to clear this directory out manually on a regular basis?
Yes. Otherwise, you could create a cron job, or an OC event, to automatically clear out these files automatically on a periodic time.MJimprints wrote: ↑Wed Sep 30, 2020 1:54 amSorry, one more question. It's all set to save to a file now. Will I need to clear this directory out manually on a regular basis?
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
this is done automatically already, no cron job required.
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
Who is online
Users browsing this forum: No registered users and 38 guests
