Loaded Commerce Community


All times are UTC - 5 hours




 Post subject: Security Problem on v6.2.Pro[13.1 (SP1)] or just my version
Posted: Sat Jan 03, 2009 4:16 pm
CRE Newbie

Joined: Tue Oct 12, 2004 12:00 am
Posts: 18
Hi CRE wizards,

needing help with this as it is racking my brain.
I have seen this twice now personally and it doesn't always happen, but since one of my customers has told me about the same issue I have to get it fixed ASAP.

When a visitor comes to the website, sometimes they are automatically "logged in" under a current user's account and can add to cart and view all that user's admin details (DOB, address etc.)
Seems like the site keeps a previous session open to the next or more visitors.

How can I fix this?

I am running version: CRE Loaded v6.2 B2B[13.1 (SP1)

thanks in advance


 Post subject: Re: Security Problem on v6.2.Pro[13.1 (SP1)] or just my version
Posted: Sat Jan 03, 2009 4:40 pm
CRE Legend

Joined: Fri Jan 13, 2006 1:00 am
Posts: 11084
Location: Nappanee Indiana
that will happen if they are following a link that contains a session id (99% sure this is your issue)

the remaining would be server session.. but not very likely since it doesn't happen more often

You need to find how they got to your site and see if the link has the session id.. if it does, see if you can have the link altered.. or better yet, empty the sessions table

_________________
Jason Miller
https://www.creloadedexpert.com
CRE Loaded Expert Team
CRE Loaded Support
Home of the FIRST 100% tableless CRE Loaded template


 Post subject: Re: Security Problem on v6.2.Pro[13.1 (SP1)] or just my version
Posted: Sat Jan 03, 2009 6:57 pm
CRE Expert

Joined: Wed Jul 30, 2003 12:00 am
Posts: 1411
Do you have HTML pages in front of your CRE Loaded installation?

Do you have custom HTML in your CRE Loaded template?

If you do, then look at the URL links in the HTML source and look for oscid=XXXX... that is a user tracking session, remove any of those you find and you will be ok.

_________________
Regards,

Salvatore Iozzia
Founder and Chief Evil Overlord
Loaded Commerce, LLC & The Reactor Works / Hosting
http://loadedcommerce.com | http://thereactorworks.com | http://thereactorhosting.com

JOIN THE LOADED SKYPE CHAT:
http://tinyurl.com/7mlvwot

follow me on TWITTER! http://www.twitter.com/saliozzia


 Post subject: Re: Security Problem on v6.2.Pro[13.1 (SP1)] or just my version
Posted: Mon Jan 05, 2009 2:14 pm
CRE Newbie

Joined: Tue Oct 12, 2004 12:00 am
Posts: 18
Guys thank you yet again for your prompt replies

greatpcs:
one user said he didn't do anything and just typed my site url and "landed" on a link with that session open to another user.

I tried to empty the sessions table by going into phpmyadmin and deleting the active sessions in that table there (I hope that is what you meant) so everything looks fine now.

Sal:
there are no HTML pages in front of the cre installation. the system is direct as it was supplied. Just under a different subfolder that is all.
I have sent you a PM.


 Post subject: Re: Security Problem on v6.2.Pro[13.1 (SP1)] or just my version
Posted: Mon Jan 05, 2009 11:51 pm
CRE Expert

Joined: Wed Jul 30, 2003 12:00 am
Posts: 1411
Thanks for PM'ing me.

Once I looked at your URL and the redirect you had set up, the redirect had the oscid session value in it. It looks like you corrected the redirect shortly after that. Is all OK now?

_________________
Regards,

Salvatore Iozzia
Founder and Chief Evil Overlord
Loaded Commerce, LLC & The Reactor Works / Hosting
http://loadedcommerce.com | http://thereactorworks.com | http://thereactorhosting.com

JOIN THE LOADED SKYPE CHAT:
http://tinyurl.com/7mlvwot

follow me on TWITTER! http://www.twitter.com/saliozzia
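
The check described in the replies above (looking for a session ID hardcoded into links or a redirect), as an added example that is not part of the original thread or of CRE Loaded. The parameter names are assumptions: `oscid` is the spelling used in the posts and `osCsid` is the osCommerce spelling; the sample markup and hostname are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Assumed parameter names, compared case-insensitively: "oscid" as written in
# the thread, "oscsid" for osCommerce's osCsid. Adjust to your installation.
SESSION_PARAMS = {"oscid", "oscsid"}

# Any token containing a query string, bounded by whitespace, quotes or <>.
URL_RE = re.compile(r"""[^\s"'<>]+\?[^\s"'<>]+""")

def strip_session_id(url):
    """Return (cleaned_url, removed_pairs) with session-id parameters dropped."""
    parts = urlsplit(url.replace("&amp;", "&"))  # undo HTML-escaped separators
    kept, removed = [], []
    for pair in parts.query.split("&"):
        name = pair.split("=", 1)[0]
        (removed if name.lower() in SESSION_PARAMS else kept).append(pair)
    return urlunsplit(parts._replace(query="&".join(kept))), removed

def find_hardcoded_sessions(text):
    """Return (line_no, original_url, cleaned_url) for every link or redirect
    target in text that carries a session id in its query string."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for match in URL_RE.finditer(line):
            cleaned, removed = strip_session_id(match.group(0))
            if removed:
                hits.append((line_no, match.group(0), cleaned))
    return hits

# Constructed sample: two template links and one .htaccess-style redirect.
SAMPLE = '''\
<a href="index.php?cPath=3&amp;oscid=0123456789abcdef">Shop</a>
<a href="product_info.php?products_id=12">Widget</a>
Redirect 302 /shop http://shop.example/catalog/index.php?osCsid=0123456789abcdef
'''

if __name__ == "__main__":
    for line_no, original, cleaned in find_hardcoded_sessions(SAMPLE):
        print(f"line {line_no}: {original}\n    -> {cleaned}")
```

Run it over template files, static HTML and redirect rules; every hit is a link that hands each visitor the same session.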


 Post subject: Re: Security Problem on v6.2.Pro[13.1 (SP1)] or just my version
Posted: Tue Jan 06, 2009 3:44 pm
CRE Newbie

Joined: Tue Oct 12, 2004 12:00 am
Posts: 18
got it fixed!
looks all ok now. Can't believe I missed that!

Thanks guys

