ok this could be a serious problem but i cant seem to get it to happen again!!
basically i was doing some work on my dev server and was developing the checkout, i went from the the cart page (http) to the checkout (https) then clicked a link in the navigation to a standard cms page (http) and this link had the session id in it causing it to come up with a 404 error not found. Thats pretty anoying as it is but it gets worse.
I then went to the my account page and i was logged in as another user!
This user had been recently set up by someone else so it was impossible for me to have logged on as i have no idea what the password is.
either way i could see all there information in the admin area and was somehow logged on as them.
My immediate reaction was F*@k,
but then i thought i had not cleared the cache for a while and i had never done a rewrite rule refresh so i cleared all the cache options. I cant get this to happen again which is a good thing but i think this needs some looking into big time,
If anyone has any ideas what may have caused this i would be much appreciated.