View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002701||OXID eShop (all versions)||1.05. Users||public||2011-04-06 10:41||2012-03-27 14:55|
|Product Version||4.4.8 revision 34028|
|Target Version||Fixed in Version|
|Summary||0002701: Same voucher can be used several times if user comes to shop "without registration"|
|Description||If you purchase without registration the oxid of the user changes with every time you go from order step 2 to 3. Actual this is a not a problem but combined with vouchers you can redeem vouchers multiple times altought the voucher option "Valid with same Series, different Order" is set to no.|
Need to implement:
1. New option for vouchers (per serie) - that this coupon can be used only by Registered Users. If this option is marked - Coupon should not be calculated in the basket for not loged in users. When not loged in user tries to include this coupon - Note should be displayed for him in basket that "Please login/register to use this coupon".
2. Prepare help text for this option with description written above. Also include the note "if option "only Registed users" is not checked - then not registered users would be able to buy with this voucher".
Ask for proper texts and translations.
|Steps To Reproduce||1. Create a new voucher series with some vouchers (same voucher code) and set "Valid with same Series, different Order" to no. A user should only be able a voucher of this series one time.|
2. Purchase something without registration and use the voucher.
3. Close your browser or delete the cookies to get a new session.
4. Purchase a new item and you can use the voucher code again due to a new oxid on your user database record. With the new oxid the shop can't check if the voucher was already used.
|Tags||No tags attached.|
Reminder sent to: davidh
The case about creating new user accounts was already discussed in the bugtrack (0001441) and the dev-general list long time ago. Basicaly - we implemented such behavior as a security fix.
So this case is a feature, not an issue.
For details please check the discussions here:
and comments in bug entry 0001441.
||Case with handling vouchers should be investigated in more details.|
||To avoid this situation you should generate voucher code list, and dedicate one unique voucher code for one user. For the moment it's not possible to prevent anonymous (or several registered users) from reusing the same voucher.|