[TYPO3-commerce] Important: baskets seem to get shared among fe_users (security issue?)
Karsten Dambekalns
karsten at typo3.org
Fri Sep 28 15:37:39 CEST 2007
Hi.
Franz Koch wrote:
> I have a strange behaviour and maybe a "security" issue. I login as
> userA, put some articles into the basket, don't go to checkout, log off
> and then login as userB. After that I see the basket of userA.
The session is bound to the browser, not the FE user. I.e. a FE user
logout does not destroy the session (completely).
I coded around this once by doing something along the lines of:
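-----
} elseif ($logintype=='logout') {
	// Empty the session data held in memory
	$_SESSION = array();
	// Expire the session cookie in the browser
	if (isset($_COOKIE[session_name()])) {
		setcookie(session_name(), '', time()-42000, '/');
	}
	// Remove the session data on the server
	@session_destroy();
} else { // No user currently logged in:
-----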
Karsten
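
An added example, not part of the original mail and not TYPO3 or commerce extension code: the same logout teardown written as a function that expires the cookie with the parameters it was set with, plus a check that ties the basket to the user it was filled by. The function names and the `basket` / `basket_owner` session keys are hypothetical.

```php
<?php
// Added illustration; function names and the 'basket' / 'basket_owner'
// session keys are assumptions, not TYPO3 or commerce extension API.

// Tear down the PHP session completely when the FE user logs out.
function destroySessionOnLogout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Drop the data held in memory for this request.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        // Expire the cookie with the same path/domain/flags it was set with;
        // a mismatch leaves the old cookie in the browser.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    // Remove the session data on the server.
    session_destroy();
}

// Defence in depth: only hand out a basket that belongs to the current user.
// A basket recorded for another FE user is discarded, not shown.
function basketForUser(array &$session, int $userId): array
{
    if (($session['basket_owner'] ?? null) !== $userId) {
        $session['basket'] = [];
        $session['basket_owner'] = $userId;
    }
    return $session['basket'];
}

// Constructed sample: user 1 left a basket behind, then user 2 logs in
// from the same browser and the session was not destroyed in between.
$sample = ['basket_owner' => 1, 'basket' => ['article-42' => 2]];
var_dump(basketForUser($sample, 2));
var_dump($sample['basket_owner']);
```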