-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cache issues: user sees other's data #13
Comments
Hello, the plugin uses two tables to map social network profiles to user accounts:
Could you it be that you have reset your users without resetting the mapping tables? |
If it's a caching problem, then it could be that the cache displays old pages from the cache. So when user FooUser logs in, the cache might displayed a page which was cached for BarUser. |
@SchlesserClaude of course what happens is what you say .. the point is that disabling oneall plugin no caching issue appears for users .. I think that if it would be a page cache issue it should occur with or without oneall plugin BTW, no user reset was made .. I think it could be a wrong cache key in some template you use (smarty cache I mean) ... could it be? |
Could you give me the link to you shop so that I can test the error? |
Sorry, but we can't keep it online as every private user data will be disclosed .. Will try to debug next days |
Hi, Thanks. |
Accounts seems to be created with social login .. I'll try to reproduce to a test server ASAP in order to give you better statistics User foo registers and logins using sl |
Ok, thanks. |
@frdpnl this is not the case .. |
Hi, |
@frdpnl did you tried this OPcache settings? .. It seems that they are giving some strange behavior on my server .. if you can reproduce I'll work hard to isolate the bad setting. Thanks |
Hi, Thanks. |
Could be caching issue with ajax requests? ... I'm seeing a number of PS files not sending cache-invalidation headers on Ajax responses ... I have caching issue with BO orders/new-clients/new-messages badges too .. Hope this can help |
I'm going on fighting against this issue ..
Im' doing some tests .. it seems to be a problem with FB .. but I can't understand why CLeared browser cache, removed cookies, emtied any king of server cache ,.. server reboot done .. Unfortunately I can't leave the module active on the server for your tests, as it is a grave security hole and users personale data disclosure .. Can you point me to some kind of debugging I can perform by myself? What is the data flow I have to follow to try to find the bug? This is my settings: |
Just dropped everything in the DB:
AFAICS it seems to work !!! |
Hello, if this solves the issue then the problem is related to the mapping tables: DB_PREFIX + oasl_user Maybe at seem points you removed users but the mapping table was not updated |
If I login via social with a new user, for test, and then I remove this user in PS BO, then the related records in these mapping tables are not automatically removed. Moreover.. in a such scenario, how the hanging records can explain the resulting behaviour? Thanks |
We are experiencing grave cache issues with this module. After having logged in using oneall (FB, g+, etc ..) the user is allowed to go in but he access other user's account !!!
I.e.
As far as i can see it looks like some caching issue on the user token ..
any idea about the root reason? I'm ready to debug and fix, but need some directions ..
Thank you in advance
The text was updated successfully, but these errors were encountered: