Customer order history displaying someone else's order and account info opencart 2.3.0.2

Hello Everyone,

We have a customer that is seeing other customer order history displaying their orders and account information. We are using opencart 2.3.0.2

We are experiencing the same issue that this other person was experiencing here:

viewtopic.php?t=215112

I already notified our server:

They said the following:

The server doesn't handle sessions in any special way so I'm not sure what to check for that exactly but will take a look.

then they said the following:

I'm really not sure how this would be a server side issue at all, php sessions are php sessions, there isn't much we can do and I don't know what they mean by shared.

If anything, I would take a look at the applications caching:

system/library/cache/mem.php
system/library/export_order/PHPExcel/CachedObjectStorage/Memcache.php
system/library/export_order/PHPExcel/CachedObjectStorageFactory.php
system/library/PHPExcel/CachedObjectStorage/Memcache.php
system/library/PHPExcel/CachedObjectStorageFactory.php

Looks like they might possibly be storing data in cache which could be getting seen by other users.
---------

Has anybody seen something similar like this happening? if so how did they solve it? I have seeing other opencart users experiencing this on the forums but nobody seems to have an answer for it?

Do you know a solution? Please let me know.

Thank you

luisvillacrez wrote: ↑

Sat Jul 11, 2020 12:57 pm

We have a customer that is seeing other customer order history displaying their orders and account information. We are using opencart 2.3.0.2

Sounds potentially due to sessions on your server, or potentially to a data import - did you ever migrate data from a previous version?

Hello,

Thanks for the reply according to our server, they are saying that hey don't handle sessions in any special way so they are not sure what to check for that exactly.

and regards to your other question, yes did migrated from an older version to newer - Opencart version 2.0.1.1 to 2.3.0.2 version. This migration happened more than 2 years ago in February 2018. So, if that would have been that case wouldn't this issue would have occurred sooner?

Do you know what other areas can we check in order to solve this important issue? I have seen other OC users experiencing this. Has anyone else been able to solve it?

If you login as those customer, via the admin, what order history do you see?

Are you using any theme, extensions or modifications that could affect sessions or caching?

Have you checked the PHP session settings, using phpinfo()? https://www.php.net/manual/en/session.configuration.php

ADD Creative wrote: ↑

Thu Jul 16, 2020 11:09 pm

If you login as those customer, via the admin, what order history do you see?

Are you using any theme, extensions or modifications that could affect sessions or caching?

Have you checked the PHP session settings, using phpinfo()? https://www.php.net/manual/en/session.configuration.php

If I login in through the admin back-end, i see their respective orders.

no, i am not using any special theme - i am using this theme (https://www.responsivemiracle.com/lexus ... art-theme/) or caching extension

- (Have you checked the PHP session settings, using phpinfo()? https://www.php.net/manual/en/session.configuration.php) - no i have not what exactly should i bee looking here?

Thanks,

To check your servers PHP session settings you would need to upload a file to same directory as your OpenCart index.php called something like information.php. With the following in.
Then go to that file in a web browser, find the session section and check the settings.

Those are the current settings

ADD Creative wrote: ↑

Wed Aug 05, 2020 7:42 pm

To check your servers PHP session settings you would need to upload a file to same directory as your OpenCart index.php called something like information.php. With the following in.

Code: Select all

<?php phpinfo(); ?>

Then go to that file in a web browser, find the session section and check the settings.

Those are the current settings

Your session.gc_probability and session.gc_divisor are set to zero, this means usually means that your host is deleting the sessions different way to the PHP garbage collection.

See here for the defaults for these, may want to ask your host what is correct and if the old sessions are actually being deleted.
https://www.php.net/manual/en/session.configuration.php

From a security point of view you might want to switch the following on.
session.cookie_httponly
session.cookie_secure

It looks like you are on PHP 7.0 which has reached its end of life (unless your host is using a maintained version), you might want to consider PHP 7.2 or 7.3.

Did the problem occur recently or after any changes to the server such as change on PHP version?

ADD Creative wrote: ↑

Mon Aug 31, 2020 7:41 am

Your session.gc_probability and session.gc_divisor are set to zero, this means usually means that your host is deleting the sessions different way to the PHP garbage collection.

See here for the defaults for these, may want to ask your host what is correct and if the old sessions are actually being deleted.
https://www.php.net/manual/en/session.configuration.php

From a security point of view you might want to switch the following on.
session.cookie_httponly
session.cookie_secure

It looks like you are on PHP 7.0 which has reached its end of life (unless your host is using a maintained version), you might want to consider PHP 7.2 or 7.3.

Did the problem occur recently or after any changes to the server such as change on PHP version?

Thank you so much for the tips. I already contacted our host to see what they say.

Also, Im experiencing sometimes an issue when customers are trying to add an item their cart they get a random error but it goes away after refreshing the page. This is a horrible use experience.

this is the error i recently saw when i was adding an item:

Fatal error: Uncaught Error: Class 'Cart\Cart' not found in /home/sitename/public_html/system/storage/modification/catalog/controller/startup/startup.php:185 Stack trace: #0 /home/sitename/public_html/vqmod/vqcache/vq2-system_storage_modification_system_engine_action.php(51): ControllerStartupStartup->index() #1 /home/sitename/public_html/system/storage/modification/system/engine/front.php(70): Action->execute(Object(Registry)) #2 /home/sitename/public_html/system/storage/modification/system/engine/front.php(38): Front->execute(Object(Action)) #3 /home/sitename/public_html/system/framework.php(103): Front->dispatch(Object(Action), Object(Action)) #4 /home/sitename/public_html/vqmod/vqcache/vq2-system_startup.php(142): require_once('/home/sitename/pu...') #5 /home/sitename/public_html/index.php(23): start('catalog') #6 {main} thrown in /home/sitename/public_html/system/storage/modification/catalog/controller/startup/startup.php on line 185


Thanks, in advanced.

Looks like you are using both OCMOD and vQmod. The error could be caused by an extension, a compatibility problem between extensions or the extension systems themselves. Are you using the latest version of vQmod?

You could try disabling the extensions one by one until the problem goes away. That might tell you if one of them is causing the problem.