Author Topic: HELP customers clicking account tab opens other customers screen  (Read 6672 times)

Offline rosarymau

  • Newbie
  • *
  • Posts: 7
  • Karma: +1/-0
    • View Profile
Hi, The first day we went live with AbanteCart cart we discovered that when someone was logged in the next customer to click the account tab went straight to the account page of the customer already logged in...giving access to personal details ect. We discovered this when we were setting up the store and testing but thought it was just on computers on our network, until a customer alerted us that it was not just out network......we took AbanteCart cart down quickly. I had installed some extensions so I disabled these and tested again with the same result. Help please!

Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 4425
  • Karma: +206/-0
    • View Profile
Re: HELP customers clicking account tab opens other customers screen
« Reply #1 on: May 21, 2014, 09:18:27 AM »
Hi, The first day we went live with AbanteCart cart we discovered that when someone was logged in the next customer to click the account tab went straight to the account page of the customer already logged in...giving access to personal details ect. We discovered this when we were setting up the store and testing but thought it was just on computers on our network, until a customer alerted us that it was not just out network......we took AbanteCart cart down quickly. I had installed some extensions so I disabled these and tested again with the same result. Help please!

Can You please post more details?
AbanteCart version? Where did you click 'account tab' post screenshot...
“Chuck Norris is so amazing.”
― Mother Teresa

Offline rosarymau

  • Newbie
  • *
  • Posts: 7
  • Karma: +1/-0
    • View Profile
Re: HELP customers clicking account tab opens other customers screen
« Reply #2 on: May 21, 2014, 11:07:41 AM »
Hi, It is version V1.1.9. Installed through softalicious. I have attached the screen. The account link is on the top banner of the homepage between "cart" and "LOG OUT". The other screen attached is what can be seen when clicking the account link when someone else in this case me when testing) is logged in elsewhere.

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4164
  • Karma: +252/-9
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: HELP customers clicking account tab opens other customers screen
« Reply #3 on: May 21, 2014, 01:03:26 PM »
Access to customer is restricted to authentication process. I can not replicate that you say.
Can you please try our demo http://demo.abantecart.com/

See if you encounter same.

If not, post URL to your site, so we can check 
« Last Edit: May 21, 2014, 01:07:05 PM by abantecart »
We need your help to build better free open source eCommerce platform for everyone.
See how you can help

Offline rosarymau

  • Newbie
  • *
  • Posts: 7
  • Karma: +1/-0
    • View Profile
Re: HELP customers clicking account tab opens other customers screen
« Reply #4 on: May 21, 2014, 01:45:26 PM »
Hi, No, I am not getting the problem in the demo but checked again and am still getting the same with my site (using different browsers). I feel sure it is a setting that one of us here must have changed then forgot about. Thanks for the attention. I will PM the URL and log in details.

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4164
  • Karma: +252/-9
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: HELP customers clicking account tab opens other customers screen
« Reply #5 on: May 21, 2014, 02:52:05 PM »
What you PMed to me is a URL to your admin. Are you providing admin access for your customers?
I would not do that.

Are you aware of "act on behalf" of customer feature in admin?
We need your help to build better free open source eCommerce platform for everyone.
See how you can help

Offline rosarymau

  • Newbie
  • *
  • Posts: 7
  • Karma: +1/-0
    • View Profile
Re: HELP customers clicking account tab opens other customers screen
« Reply #6 on: May 21, 2014, 04:17:40 PM »
Hi, No customers get www..... /shop only

Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 4425
  • Karma: +206/-0
    • View Profile
Re: HELP customers clicking account tab opens other customers screen
« Reply #7 on: May 22, 2014, 02:48:32 AM »
Hi, No customers get www..... /shop only

Can not replicate in my Softaculous 1.1.9 fresh install.
We really want help to find issue...can You please post step by step process? even better some video? What browser or browsers used?
Please post step by step guide to replicate issue
“Chuck Norris is so amazing.”
― Mother Teresa

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4164
  • Karma: +252/-9
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: HELP customers clicking account tab opens other customers screen
« Reply #8 on: May 22, 2014, 11:42:16 AM »
I am still not clear how you able to pass customer authentication.
This does NOT happen on your site now. I tried.

1. Are you sure you do not click (or clicked before) "act on behalf" in admin?
2. What browser do your customer use?
3. Did you modify any code at that time?
We need your help to build better free open source eCommerce platform for everyone.
See how you can help

Offline rosarymau

  • Newbie
  • *
  • Posts: 7
  • Karma: +1/-0
    • View Profile
Re: HELP customers clicking account tab opens other customers screen
« Reply #9 on: May 22, 2014, 12:49:10 PM »
I am still not clear how you able to pass customer authentication.
This does NOT happen on your site now. I tried.

1. Are you sure you do not click (or clicked before) "act on behalf" in admin?
2. What browser do your customer use?
3. Did you modify any code at that time?
1. No
2. Can't say unfortunately
3. No code alterations but there have been two extensions installed - Wishlist and Abandoned Orders, three language packs and Flexi-promotions.

We have just done a test here.

Downstairs on computer1 the browser was logged into admin and had added a couple of items to the Cart.
Upstairs on computer2 I navigated to abantecart and clicked on the 'cart' icon without logging in. The cart details from the session on the computer1 was displayed and to all extents and purposes the sessions on comuter2 was logged in as if it was the sessions on computer1.

The only reasons I can think of for this to happen are that both computers operate on the IP external IP address.
Or computer2 has cache from when it was last legitimately logged in as admin - which would have been several weeks ago.In any case neither of those explain why customers in one country can see details of a customer logged in in another.

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4164
  • Karma: +252/-9
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: HELP customers clicking account tab opens other customers screen
« Reply #10 on: May 22, 2014, 03:36:22 PM »
I am still not clear how you able to pass customer authentication.
This does NOT happen on your site now. I tried.

1. Are you sure you do not click (or clicked before) "act on behalf" in admin?
2. What browser do your customer use?
3. Did you modify any code at that time?
1. No
2. Can't say unfortunately
3. No code alterations but there have been two extensions installed - Wishlist and Abandoned Orders, three language packs and Flexi-promotions.

We have just done a test here.

Downstairs on computer1 the browser was logged into admin and had added a couple of items to the Cart.
Upstairs on computer2 I navigated to abantecart and clicked on the 'cart' icon without logging in. The cart details from the session on the computer1 was displayed and to all extents and purposes the sessions on comuter2 was logged in as if it was the sessions on computer1.

The only reasons I can think of for this to happen are that both computers operate on the IP external IP address.
Or computer2 has cache from when it was last legitimately logged in as admin - which would have been several weeks ago.In any case neither of those explain why customers in one country can see details of a customer logged in in another.

Hmm. If you have logged in before on the same computer/browser and session still alive, YES you can get in without login.
I suspect this was the case.


 
We need your help to build better free open source eCommerce platform for everyone.
See how you can help

 

Powered by SMFPacks Social Login Mod