Kryptronic Software Support Forum


#1 11-14-2008 11:04:38

dijo98
Member
Registered: 02-06-2008
Posts: 93

Security Problem on Checkout

I still have a problem with customers getting other customers' details up on checkout.  Having looked again at the link to help correct the problem, I would be grateful if you could point me in the right direction to do the fix.  The instructions are

Add this to your .htaccess to take your customers direct to ccp6


Code:
RewriteRule ^$ /khxc/index.php

Where will I find this?

Diane

Offline

 

#2 11-14-2008 13:37:55

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Security Problem on Checkout

The rules in .htaccess wouldn't affect what you describe.  If you have customers seeing other customers' data you most likely have a "hard coded" link somewhere that includes the sid= parameter.  Check your skin files and the web pages in CCP admin (the splash page mainly).  It might also help if we had a link to your site.

Offline
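
Added example, not part of the thread and not Kryptronic code: one way to run the check described in the post above, scanning static skin or page HTML for a literal sid value in links and, going slightly beyond the post, in form fields. The sample markup, its URLs, the sid value and the names `SidFinder` and `find_hardcoded_sids` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

URL_ATTRS = {"href", "src", "action"}  # attributes a visitor or crawler follows

# Constructed sample markup; the URLs and the sid value are made up.
SAMPLE_SKIN = """<html><body>
<a href="/index.php?page=home">Home</a>
<a href="/index.php?page=cart&amp;sid=0123456789abcdef">Cart</a>
<form action="/index.php" method="get">
<input type="hidden" name="sid" value="0123456789abcdef">
</form>
</body></html>"""


class SidFinder(HTMLParser):
    """Collects (line, tag, sid) for every literal session ID in the markup."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = {k.lower(): (v or "") for k, v in attrs}
        # Case 1: a URL attribute whose query string carries sid=<value>.
        for name in URL_ATTRS & attrs.keys():
            query = parse_qs(urlsplit(attrs[name]).query)
            for key, values in query.items():
                if key.lower() == "sid":
                    self.hits.append((line, tag, values[0]))
        # Case 2: a form field named sid with a literal value.
        if tag == "input" and attrs.get("name", "").lower() == "sid" and attrs.get("value"):
            self.hits.append((line, tag, attrs["value"]))


def find_hardcoded_sids(html):
    """Return every hard-coded sid found in static HTML, in document order."""
    finder = SidFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


if __name__ == "__main__":
    for line, tag, sid in find_hardcoded_sids(SAMPLE_SKIN):
        print(f"line {line}: <{tag}> carries hard-coded sid={sid}")
```

Run it over skin files and stored page content rather than a page fetched in a live visit, where the sid the software assigns to that visitor appears in links by design.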

 

#3 11-15-2008 05:14:35

dijo98
Member
Registered: 02-06-2008
Posts: 93

Re: Security Problem on Checkout

Hi Dave,  Thanks for your reply.  This problem occurred back in August and I checked our website and couldn't find any links with sid= in them.  In saying that, when you click on Check Out the browser is showing that in the link.  Is this what needs removing and if so where would it be?

However, since August the problem still seems to be there and has got more serious.  Yesterday the customer whose details were showing in August when someone else tried to order, has now had a delivery turn up that she didn't order.  It seems that another company placed the order and paid by Paypal Standard.  The payment came out of their Paypal account but the delivery address shown on the Paypal receipt was that of the customer in August.  The order receipt I received from CCP showed all the details of the August customer also.  I fail to see how this happened and what is more mysterious is the fact that these two incidences occurred months apart and the August customer checked out as a guest and therefore her details are not stored in my admin.  If that was the case how did her details turn up on an order months later?

If you look at our site you can see that we have made hardly any alterations to the standard skin and therefore whatever scripting is in there making the site malfunction must have been there from the start.  I therefore believe that this is a fault with the software and should be addressed immediately.  I can see from other posts that similar problems seem to be happening all the time.  I am not sure but what happened this week with one person paying and another receiving means that our site is probably contravening the Data Protection Act and therefore if this cannot be resolved we will have to pull the site off the web altogether.

To enable you to look at the site the web address is www.nail-and-beauty-shop.co.uk and I hope you will be able to get to the bottom of the problem once and for all, for not only my benefit, but for the benefit of all the others with the same problems.

As a matter of interest, since we had this new website, our orders from it have been virtually non existent although visitor numbers have remained the same as with our old one.  I am wondering now if people have had problems when trying to check out and have given up and gone away.

I look forward to hearing from you soon.

Diane

Offline

 

#4 11-15-2008 06:48:48

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Security Problem on Checkout

The visitor's sid value gets carried in the URL when going into checkout so that's normal.  It's very difficult for those of us looking at your site to try and determine whether or not you have links with a sid in them that isn't the one assigned by CCP for each visitor.  Since it's been a while since it last happened the place where there may be a link with a sid is likely in an area of your site that people may not visit frequently.

It's also very possible that it's being caused by an incorrect cookie setting in your installation.  I noticed that moving around your site always carries the sid in the URL and that no cookie is being set.  Run the CCP installer and make sure that your cookie domain is set to .nail-and-beauty-shop.co.uk (yes that has a leading period) for both the secure and non-secure cookie domains and that the cookie path is set to / (just a single forward slash) for both secure and non-secure.

Offline
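
Added example, not part of the thread and not Kryptronic code: the browser-side rule behind the cookie domain and cookie path settings in the post above, written from the domain-match and path-match rules of RFC 6265 (an assumption; browsers of 2008 followed older cookie specifications). It shows that a cookie path of /httpdocs, which names a directory on disk rather than a URL path, yields a cookie that is never sent back for /index.php; the function names are hypothetical.

```python
from urllib.parse import urlsplit


def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3: host equals the domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")  # leading period is ignored
    # IP-address hosts are not handled in this sketch.
    return host == domain or host.endswith("." + domain)


def path_match(request_path, cookie_path):
    """RFC 6265 5.1.4: cookie path must be a whole-segment prefix."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # "/shop" matches "/shop/cart" but not "/shopping".
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookie_sent(url, cookie_domain, cookie_path):
    """True if a browser would return the cookie on a request for url."""
    parts = urlsplit(url)
    # Assumption: an empty path setting behaves like "/" for a root install.
    return (domain_match(parts.hostname or "", cookie_domain)
            and path_match(parts.path or "/", cookie_path or "/"))


if __name__ == "__main__":
    site = "http://www.nail-and-beauty-shop.co.uk/index.php"
    for path in ("/", "/httpdocs"):
        sent = cookie_sent(site, ".nail-and-beauty-shop.co.uk", path)
        print(f"cookie path {path!r}: sent with request = {sent}")
```

When the cookie is never returned, the session can only travel in the URL, which is the condition the post describes.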

 

#5 11-15-2008 07:54:09

dijo98
Member
Registered: 02-06-2008
Posts: 93

Re: Security Problem on Checkout

Help!!  I ran the installer and now I have lost the website altogether.

Offline

 

#6 11-15-2008 09:58:56

dijo98
Member
Registered: 02-06-2008
Posts: 93

Re: Security Problem on Checkout

I've changed it back to what it was and gone home and the website is showing on the computer here.  The only thing I had to change was the cookie path which was and still is set to /httpdocs.  The cookie domains were as you said they should be.  Should I try setting the cookie path to just / again or leave it as it is?

Diane

Offline

 

#7 11-15-2008 14:20:02

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Security Problem on Checkout

If you have CCP installed in the "root" of your site, which is quite commonly httpdocs, you should not need anything in that field or it may have just a single slash.  The cookie domain is much more important.  Given the fact that your site wasn't/isn't setting any cookies it may have been crawled by Google and links to your site with sids in the URLs have been indexed.

Offline

 

#8 11-15-2008 15:50:20

dijo98
Member
Registered: 02-06-2008
Posts: 93

Re: Security Problem on Checkout

What can I do about that then?

Do I need to change the cookie path from /httpdocs to /?

Offline

 

#9 11-15-2008 16:05:18

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Security Problem on Checkout

As I stated in post 4 your cookie domain needs to be .nail-and-beauty-shop.co.uk (with that leading period) and the cookie path should be simply / since you're running CCP in the root of your site.

Offline

 

#10 11-16-2008 06:11:21

dijo98
Member
Registered: 02-06-2008
Posts: 93

Re: Security Problem on Checkout

I have tried putting / in the cookie path and that just takes the website off except for the splash page.  When I change it back to /httpdocs you get the same.  It appears that once you have accessed the site you can't get in again.  The only page you can navigate to is the Create Account page and this then shows the details of the last visitor.

Something is seriously wrong with the set up of this site and unless I can get it sorted asap, I will have to pull it altogether.

Can you shed any new light on the matter?

Diane

Offline

 

#11 11-16-2008 06:29:50

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Security Problem on Checkout

You've mentioned changing the cookie path a couple of times but have you also corrected the cookie domain?  Either one of those being "wrong" should not affect whether or not the site is actually visible no matter what.  You may want to engage Howard to take a closer look by opening a support ticket with him.

Offline

 

#12 11-16-2008 08:11:37

dijo98
Member
Registered: 02-06-2008
Posts: 93

Re: Security Problem on Checkout

The cookie domain was already correct, it was only the cookie path that was different.  I don't know what has happened to it as I have set everything back to what it was including the cookie path as /httpdocs and you can still only access the splash page.  At least the site was visible before, now it won't work at all even though the settings are the same as they were.

How much will it cost for Howard to look at it?

Diane

Offline

 

#13 11-16-2008 08:12:46

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Security Problem on Checkout

Please see the PM I sent you Diane.

Offline

 

#14 11-16-2008 08:14:20

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Security Problem on Checkout

I'm not sure what you mean by site not working at all but I'm not having any problems navigating around your site right now.  It's still not setting a cookie though which is at least some of the problem.

Offline

 

#15 11-16-2008 08:25:21

dijo98
Member
Registered: 02-06-2008
Posts: 93

Re: Security Problem on Checkout

If you now go out of the site and try to go back in again, can you still navigate around it?

Offline

 

#16 11-16-2008 08:27:15

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Security Problem on Checkout

Yes, just fine.

Offline

 

#17 11-16-2008 08:32:17

dijo98
Member
Registered: 02-06-2008
Posts: 93

Re: Security Problem on Checkout

Right, I've changed the cookie path to just / so perhaps you could now try again.

Offline

 

#18 11-16-2008 09:50:58

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Security Problem on Checkout

You appear to have the cookie setting correct now.  The problem with navigation is being caused by the fact that you have SEO enabled but don't have the correct rules in your .htaccess file.  If you simply turn off SEO until you have the rewrite rules in .htaccess correct things will continue to work just fine.  The reason the SEO style links weren't apparent before was due to the fact that your cookie domain and path were incorrect.

Offline

 

#19 11-16-2008 10:01:08

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Security Problem on Checkout

I just noticed that you're being hosted on a Windows server and using IIS as the web server.  I don't know anyone who's been able to get URL rewriting to work correctly on an IIS web server so you definitely want to turn off SEO.  IIS on Windows doesn't use the "normal" rewrite file that the vast majority of web servers use so having a rewrite file, .htaccess, isn't going to help in your situation.

Offline

 

#20 11-16-2008 10:44:16

dijo98
Member
Registered: 02-06-2008
Posts: 93

Re: Security Problem on Checkout

Thanks Dave.  I've turned off the SEO.  We did try to get this sorted by the server a long time ago but to no avail so should have turned it off before.

Can you assure me that the problem with customers seeing other customers' details has now been sorted?

Offline

 

#21 11-16-2008 10:57:06

Dave
Member
Registered: 07-05-2003
Posts: 11233

Re: Security Problem on Checkout

dijo98 wrote:

Can you assure me that the problem with customers seeing other customers' details has now been sorted?

Not with absolute certainty no.  Areas of your site may have been indexed by search engines and contain links with SIDs in them.  I will say that the chance of the problem surfacing again has been drastically reduced however.

Offline

 

#22 02-09-2009 18:10:22

picstart
Member
From: United Kingdom
Registered: 07-11-2006
Posts: 428

Re: Security Problem on Checkout

I too am now experiencing the problem of a new customer seeing the last person's order details.

I have looked for sids but the only place I see them is in the mini search and other original CCP links. Is it possible that someone could check my splash page for sids or offer any other help, as I have lost a customer today, and who knows how many more, because she felt uneasy about seeing other people's details and did not like the thought that maybe someone could see hers?

This is worrying.

Site is www.craftersden.co.uk

Thanks in advance.


"It may be my worst nightmare at present..... but soon it will be my dream"

Offline

 
