
Konakart on shared systems with one page checkout

Started by JohnQ, September 24, 2009, 09:09:03 am


JohnQ

September 24, 2009, 09:09:03 am Last Edit: September 25, 2009, 08:48:45 am by greg

We find that when a user closes a browser session on a shared or public machine, then another user opens a new session, the first user's details are retained and shown in the order.

Is there any way around this?

costis

September 24, 2009, 09:15:58 am #1 Last Edit: September 25, 2009, 08:49:31 am by greg
Hello someguy!

What version are you using?
Are you talking about the Administration Back-Office or the front application?

JohnQ

September 24, 2009, 09:19:46 am #2 Last Edit: September 25, 2009, 08:49:40 am by greg
Konakart 3.2.01.

Problem occurs in onepagecheckout in the store (front end).

JohnQ

September 24, 2009, 09:28:59 am #3 Last Edit: September 25, 2009, 08:49:53 am by greg
Additional info: We're using GWT one page checkout, without requiring the user to log on.

When the user has already entered delivery details, it bypasses address entry. We need it to always ask for the delivery details!

trevor

September 24, 2009, 10:05:39 am #4 Last Edit: September 25, 2009, 08:49:19 am by greg
By browser session, do you mean the whole browser or just the tab?

Quote: When the user has already entered delivery details, it bypasses address entry. We need it to always ask for the delivery details!

In most cases this is actually a feature since it doesn't force people to re-enter information when making multiple orders. However, you have the full source code of the one page checkout and so can change the process to ask for the address every time if that's what you require.

JohnQ

September 25, 2009, 08:07:32 am #5 Last Edit: September 25, 2009, 08:50:07 am by greg

I think you're kind of missing the point here!

The scenario is that User 1 goes to the store, adds an item to their cart, fills in their details, but closes the browser without completing the sale. Closes down the browser completely.

User 2 then opens a new browser window, goes to the shop. Sees User 1's shopping cart contents. Deletes the unwanted products and adds their own. Clicks "Checkout", goes straight to credit card details, enters credit card details. And User 2's goods are sent to User 1.


trevor

September 25, 2009, 08:28:44 am #6 Last Edit: September 25, 2009, 08:49:07 am by greg
Quote: I think you're kind of missing the point here!

Or could it be that you hadn't even bothered to explain the point properly?

Anyway, I've tried to reproduce what you are saying and haven't been able to. I'm using 4.1.0.0 and when the browser is closed and a new one is opened, I never see the old address. Also it's easy to disable the saving of the cart in cookies for unregistered users since this may not be desirable in a shared environment.
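The two mitigations mentioned in this reply, asking a guest for the address every time and not keeping guest checkout state around on a shared machine, can be added in front of the store without touching the checkout itself. The following servlet filter is an added illustration written for this thread; it is not KonaKart code, and the URL paths (`/OnePageCheckout.do`, `/CheckoutFinished.do`), the session attribute names and the guest cart cookie name are assumptions that would have to be mapped to the real application.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Illustrative filter for stores deployed on shared or public machines.
 * Hypothetical names throughout: the paths, attribute names and cookie name
 * below are assumptions for this example, not KonaKart's own identifiers.
 */
public class SharedMachineCheckoutFilter implements Filter {

    // Assumed: attribute a store sets once a visitor has logged in (absent for guests).
    private static final String CUSTOMER_ID_ATTR = "customerId";
    // Assumed: where a guest's previously entered details are kept in the session.
    private static final List<String> GUEST_DETAIL_ATTRS =
            Arrays.asList("deliveryAddress", "billingAddress", "contactDetails");
    // Assumed: persistent cookie in which a guest cart is remembered between visits.
    private static final String GUEST_CART_COOKIE = "guestCart";
    // Assumed: path that starts the one page checkout, and the path reached when an order is complete.
    private static final String CHECKOUT_ENTRY = "/OnePageCheckout.do";
    private static final String ORDER_COMPLETE = "/CheckoutFinished.do";

    @Override
    public void init(FilterConfig cfg) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String path = request.getServletPath();
        HttpSession session = request.getSession(false);
        boolean guest = session != null && session.getAttribute(CUSTOMER_ID_ATTR) == null;

        // Pages carrying personal data must not be cached, so the back button on a
        // shared machine cannot replay a previous visitor's filled-in form.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setHeader("Pragma", "no-cache");

        // Mitigation 1: a guest entering checkout is always asked for delivery details,
        // even if some were entered earlier in the same browser session.
        if (guest && CHECKOUT_ENTRY.equals(path)) {
            for (String attr : GUEST_DETAIL_ATTRS) {
                session.removeAttribute(attr);
            }
        }

        // Mitigation 2a: when an order completes, expire the persistent guest cart cookie.
        // Headers must be added before the response is committed, hence before the chain runs.
        if (ORDER_COMPLETE.equals(path)) {
            Cookie expired = new Cookie(GUEST_CART_COOKIE, "");
            expired.setMaxAge(0);   // 0 tells the browser to delete the cookie
            expired.setPath("/");
            response.addCookie(expired);
        }

        chain.doFilter(req, res);

        // Mitigation 2b: after the confirmation page has been produced, discard the whole
        // session so the next person at the machine starts with an empty cart and no details.
        if (ORDER_COMPLETE.equals(path) && session != null) {
            try {
                session.invalidate();
            } catch (IllegalStateException alreadyInvalid) {
                // the application invalidated it itself; nothing left to do
            }
        }
    }

    @Override
    public void destroy() { }
}
```

The filter is registered in `web.xml` with a `filter-mapping` on `/*` so it sees every request; the cookie path must match the path the store used when it set the cart cookie, otherwise the browser treats the expiring cookie as a different one and keeps the original.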

JohnQ

September 25, 2009, 08:43:16 am #7 Last Edit: September 25, 2009, 08:48:28 am by greg
On investigation, I was mistaken! Apologies.

Steps to reproduce:

1. Open Firefox (issue does not present in IE/Chrome since it creates a new instance for each window)

2. Open a Firefox Window#2. Browse to shop, add item to cart

3. Close Window#2 leaving Window#1 open. Open a new window. The cart items are displayed.

The issue was presenting to me because I wasn't closing all Firefox windows, so the session was retained. In a shared space where the user closes all browser windows, this problem will not present.

***** The topic of this thread is misleading, could the moderator change the topic or delete the thread?

-John.

costis

Oh man!
... spent about 2 hours yesterday trying all possible scenarios on a 4.1.0.0 and a 2.2.4.0.
Could not reconstruct your case. I did close FireFox though ...

Regards

trevor

Fortunately there isn't a security problem. However, this was a very irresponsible way of reporting it because if there really had been a problem, it's a fantastic way of disclosing it to hackers and potentially harming merchants using KonaKart. The proper way of reporting security concerns is to contact KonaKart in order to give us time to investigate the problem and create a patch if required; and only then make a responsible disclosure: http://en.wikipedia.org/wiki/Responsible_disclosure

JohnQ
Lighten up Trevor! I saw this as a problem for shared environments, not something that could be exploited remotely by malicious hackers. I think there's an opportunity for us to discuss these things and also remain pleasant and respectful.

-John.

costis

Hi John!
I think that it is a healthy attitude not to take security matters easy.
Especially with e-commerce applications.
After all security is the main concern with our customers and their customers too.

You scared me too yesterday.  :o

:) greetings
Costis

JohnQ
Fair comment, my original topic was unnecessarily provocative and I should have given it some thought, sorry Trevor.

-John.