Storing adress in cookie

Dec 8, 2009 at 11:57 AM

Hi folks,,

I see a critical bug in the actual version of NB_Store:

In the module settings I disabled "allow non-user order" and "disable login message".

Then I order some items, register as a new user, go thru checkout and everything is fine.
After logging out and closing the browser, I want to order something as a new user (i.e.Internet-cafe).

I go thru the same process, but when it comes to the page where I have to enter my adress, the adress from the previous person is displayed!
I think you must not write / read this cookie if you have login enabled. You better pull this information from the database after sucessfull login.

Best regards

Torsten Weggen

Coordinator
Dec 8, 2009 at 12:21 PM

Hi Torsten,

Yes, I agree!, a definite security issue for the internet-cafe and multi-user PC.  This one's slipped throught.

I'll post a work item and see if I can work out a fix ASAP.

Thanks,
Dave.

Coordinator
Dec 8, 2009 at 12:22 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.