View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001735 | OXID eShop (all versions) | 4.08. Cache | public | 2010-03-31 11:46 | 2012-12-10 13:38 |
| Reporter | Bergfreunde | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | unable to reproduce |
| Status | resolved | Resolution | unable to reproduce | ||
| Summary | 0001735: User ends up in a foreign account | ||||
| Description | This bug applys to bug 0001686 which is already closed. We have this Bugfix in config.inc.php for about two weeks. But before two days a customer sent us a mail, that he ended up in a foreign account. As he descriped he finished an order and pushed the "back-button" of browser 2 or 3 times. After that he was in the account of another customer. He used Windows XP and IE. His provider is congstar. Please check and fix ASAP. | ||||
| Tags | No tags attached. | ||||
| Theme | |||||
| Browser | |||||
| PHP Version | |||||
| Database Version | |||||
| related to | 0001686 | resolved | tomas_liubinas | AOL proxy caches the cookies |
|
|
After investigation I could no way reproduce it. I checked caching headers in various combinations and all of them are ok. It would be good to check the instance of the shop itself whether it is configured correctly and the session is started as it should. Meanwhile I close this bug. |
|
|
I also checked session caching handling directly on brgfr site. It seems that cache handling headers presents always. Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Which is correct. Anyway, even if proxy caches incorrectly, there should be no serious problem as sensitive information like user addresses and payment options are never cached as they are served under SSL. |
