
Magento - users can see others data

We have a Magento store and sometimes when users log in it authenticates with someone else's user information.

When the user goes into my account they can see the order details of another customer.

I have found a forum that said to activate the Validate HTTP_USER_AGENT and Validate REMOTE_ADDR values under the Session Validation settings but we are still seeing the issue.

Does anyone have any ideas of what may be causing this issue?

Thanks in advance for your assistance.

George

firsthalfahero asked Aug 11 '12 01:08




1 Answer

I never really took the time to properly debug this, but some time ago we had an almost identical problem. Eventually it looked like when System > Configuration > Web > Use SID on Frontend is enabled and you also have Magento Enterprise Full Page Cache enabled, it sometimes saved the SID within cached templates. When other users clicked the link with the incorrect SID they sort of took over that session.

After disabling the SID option, we never had the problem again. Perhaps not a real answer, but maybe valuable information for you.

Tim Hofman answered Oct 13 '22 05:10
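
A check for the failure mode described in the answer above, as an added example that is not part of the original post or of Magento's code: it scans a cached page body for links that carry a session id in the query string. The parameter name `SID`, the URLs and the session value are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumption: the session id travels in a query parameter named "SID",
# as the "Use SID on Frontend" setting in the answer suggests.
SID_PARAM = "SID"
URL_ATTRS = {"href", "src", "action"}


class _LinkCollector(HTMLParser):
    """Collects URL-bearing attribute values from an HTML document."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append(value)


def find_cached_sids(html):
    """Return sorted unique (sid_value, url) pairs found in cached HTML."""
    collector = _LinkCollector()
    collector.feed(html)
    hits = set()
    for url in collector.urls:
        # The parser has already decoded &amp; so the query splits cleanly.
        query = parse_qs(urlsplit(url).query)
        for sid in query.get(SID_PARAM, []):
            hits.add((sid, url))
    return sorted(hits)


# Constructed sample of a cached page body; the session value is made up.
SAMPLE_CACHED_PAGE = """
<a href="https://shop.example/customer/account/?SID=abc123constructed">My Account</a>
<a href="https://shop.example/catalog/?p=2">Next</a>
<form action="/checkout/cart/?SID=abc123constructed&amp;x=1"></form>
<a href="/about?sid_note=1">About</a>
"""

if __name__ == "__main__":
    for sid, url in find_cached_sids(SAMPLE_CACHED_PAGE):
        print(f"session id {sid!r} embedded in cached link: {url}")
```

Any hit in a page served from a shared cache means every visitor who follows that link presents the same session id, which matches the symptom in the question.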