Shopper Info being pre-filled with other user's data!

Started by iskye81, May 02, 2018, 16:22:07 PM

Previous topic - Next topic

iskye81

Encountered this very serious issue, especially from a security point of view. When a guest goes to Register via the link on the top right on our site, the section below the register section (Shopper Information - Billing Details) has already been pre-filled with another user's info, please see here: https://www.scottishquality.com/Account.html.

I've tried to track down what's causing the issue, switching off SEF options, redirects etc, but to no avail. Seems that it will not direct to the correct url, i.e. blank registration page for guest users. Interestingly this doesn't occur when registering via the checkout page.

We did import users from our old site into this new one, and I'm wondering if this may be causing some issue, e.g. throwing up the ID of a previous billing address, but this makes little sense.

jenkinhill

This report from nearly 5 years ago noted the same issue as a data migration error:  http://forum.virtuemart.net/index.php?topic=119714

When I add a product to your cart & checkout the billing details are not pre-filled there.
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

iskye81

Yes as I mentioned it doesn't occur when registering at checkout.

It appears to be an issue with old guest users who are being treated as registered on some level by the system - they have a user ID set to zero, which is presumably meant to be reserved for guest users.

Studio 42

It's prefilled by your browser. I checked and the form is blank