Re: [ic] Session auto-populated with another users data


On Thu, 8 Nov 2007, Aaron Berg wrote:

> I've run into an issue with session creation.  A member of our staff
> was testing one of our IC sites and she had a customer's data
> automatically pulled into her session.  She clears her cache and
> cookies daily.  The steps she followed are:
>
> Open browser
> Go to site
> Add an item to the cart
> Check out
> Choose country
>
> Then on the 'Shipping Address' page she was presented with the details
> of another user.  She had not viewed this site in quite some time and
> had not logged into the admin.  Closing the browser and repeating the
> steps presented her correctly with an empty 'Shipping Address' form.
>
> Hopefully this is not an issue with Interchange, but I'm not seeing
> how the browser could have caused this to happen as there were no
> saved cookies or cached data.
>
> Does anyone have any ideas on how I can fully isolate the cause of this?

Does she log into the Interchange admin? Edit orders or customer data? The default Interchange admin uses the same session that the storefront does, so information can leak that way for an admin user. (Customers would never see this.)

You said above that "She clears her cache and cookies daily", but only daily gives plenty of time for session info leakage to happen.

One way to narrow down the problem would be to have her use an entirely separate browser when using the admin vs. the customer-facing store. That is, use Firefox vs. Safari vs. IE, not just a separate window or tab.

Jon


--
Jon Jensen
End Point Corporation
http://www.endpoint.com/
_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users

