suppressed wrote:
> On Thu, 8 Nov 2007, Aaron Berg wrote:
>
>> I've run into an issue with session creation. A member of our staff
>> was testing one of our IC sites and she had a customer's data
>> automatically pulled into her session. She clears her cache and
>> cookies daily. The steps she followed are:
>>
>> Open browser
>> Go to site
>> Add an item to the cart
>> Check out
>> Choose country
>>
>> Then on the 'Shipping Address' page she was presented with the
>> details of another user. She had not viewed this site in quite some
>> time and had not logged into the admin. Closing the browser and
>> repeating the steps presented her correctly with an empty 'Shipping
>> Address' form.
>>
>> Hopefully this is not an issue with Interchange, but I'm not seeing
>> how the browser could have caused this to happen as there were no
>> saved cookies or cached data.
>>
>> Does anyone have any ideas on how I can fully isolate the cause of
>> this?
>
> Does she log into the Interchange admin? Edit orders or customer data?
> The default Interchange admin uses the same session that the storefront
> does, so information can leak that way for an admin user. (Customers
> would never see this.)
>
> You said above that "She clears her cache and cookies daily", but only
> daily gives plenty of time for session info leakage to happen.
>
> One way to narrow down the problem would be to have her use an entirely
> separate browser when using the admin vs. the customer-facing store.
> That is, use Firefox vs. Safari vs. IE, not just a separate window or
> tab.
>
> Jon

I find this happens VERY frequently when simply using another tab (at least within IE). I've only seen this within a new browser instance when still logged into the admin. Of course, different browsers would not produce this.

So, I guess I am just agreeing with Jon :-)

Paul Jordan
Gish Network
For Print, Web and Life
suppressed

_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users