[TYPO3-commerce] Important: baskets seem to get shared among fe_users (security issue?)
Ingo Schmitt
mailinglisten at i-schmitt.de
Fri Sep 14 12:59:49 CEST 2007
Hi Franz,
> Hi,
>
>> I have a strange behaviour and maybe a "security" issue. I login as
>> userA, put some articles into the basket, don't go to checkout, log
>> off and then login as userB. After that I see the basket of userA.
>> This bug is not related to page caching and it's not related to
>> permalogin as it seems (the effect occurs with and without activated
>> permalogin when logging in).
>>
>> The next unexpected behavior is, that when I switch browsers on the
>> same computer, I get two different baskets. Maybe not what a regular
>> user expects.
>
> no comments from anybody? Seems like I'm talking to myself most of the
> time on this list :-/
>
sorry for the delay, but I'm currently hardly involved in a other
project. During the weekend I'll have the time to read the list and have
a look at the patches and review them.
Your Issue is strange for me, since it's working for me all the time.
Just for my information: Are you using real url and how did you
configure the basket hash value?
ingo
> --
> Franz
Mit freundlichen Gruessen
--
Ingo Schmitt mailto:is at marketing-factory.de
Marketing Factory Consulting GmbH http://typo3.marketing-factory.de/
Content Management mit Typo3: Beratung - Schulung - Realisierung
More information about the TYPO3-project-commerce
mailing list