I've done a search and can't find this bug mentioned anywhere else. I've found a bug with coupon codes whilst testing OpenCart v0.7.7.
If a coupon code is entered by customer A but he then logs out without paying, and customer B logs in without closing the web browser, customer B gets customer A's coupon code automatically applied to his order. Closing the browser in between visits resolves this.
I've not looked into the code but I would guess that the user's session is not destroyed when he logs out, rather his "status" is changed from "logged in" to "logged out" and so the coupon code (and possibly his cart contents) are passed on to the next shopper that logs in after him (without closing the web browser).
To fix this by clearing up the session when the user logs out, modify the file catalog\controller\account_logout.php to add the session_destroy() call as shown below.
Code:
    if ($customer->isLogged()) {
        $customer->logout();
        $cart->clear();
        // Destroy the session so the coupon is not carried over to the next login
        session_destroy();
        $response->redirect($url->ssl('account_logout'));
    }
barns101 wrote: I've not looked into the code but I would guess that the user's session is not destroyed when he logs out, rather his "status" is changed from "logged in" to "logged out" and so the coupon code (and possibly his cart contents) are passed on to the next shopper that logs in after him (without closing the web browser).

The session should automatically time out after 3600 seconds. However, as bruce said, it should really be correctly destroyed on logout.
You may also wish to place the destroy here:
"catalog/library/session/session.php"
Code:
    function destroy($session_id) {
        // Remove the stored session row for this session id
        $this->database->query($this->database->parse("delete from session where session_id = '?'", $session_id));
        session_destroy();
        // Number of session rows deleted
        return $this->database->countAffected();
    }
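
An added example, not part of the original posts and not OpenCart's code: a plain-PHP logout that empties the session data, expires the session cookie and destroys the session, paired with a login that switches to a fresh session id, so a coupon held in the session cannot reach the next customer on the same browser. The session keys `coupon` and `customer_id`, the coupon value and the function names are assumptions made for illustration.

```php
<?php
// Added example (not OpenCart code). Session keys and function names are assumed.

// Full logout: wipe the data, expire the browser cookie, delete server-side state.
function logout_and_destroy_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];                          // drop coupon, cart and customer id
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                       // invokes the save handler's destroy()
}

// Login: move to a new session id so nothing is inherited from a previous user.
function login(int $customerId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);             // true = delete the old session record
    $_SESSION['customer_id'] = $customerId;
}

// Constructed scenario: customer A applies a coupon and logs out, then B logs in.
function demo(): array
{
    login(1);
    $_SESSION['coupon'] = 'SAVE10';          // constructed sample coupon code
    $idA = session_id();
    logout_and_destroy_session();
    login(2);
    return [
        'coupon_visible_to_B' => isset($_SESSION['coupon']),
        'session_id_reused'   => session_id() === $idA,
    ];
}

if (PHP_SAPI === 'cli') {
    session_save_path(sys_get_temp_dir());   // writable session store for the demo
    var_export(demo());
}
```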