I’m having an issue on a client’s Magento store where we are occasionally getting orders assigned to the wrong customer. It appears to happen like so:
1. A customer places an order on the site and registers an account
2. Minutes / hours later, another (completely unrelated) customer places an order as a guest
3. Instead of the guest order being assigned to a new guest account, it gets assigned to the first customer’s account
4. The original registered customer receives the confirmation email intended for the guest customer
Obviously this is a huge data protection issue, not to mention looking incredibly unprofessional.
I’ve done some research and found the following threads on much older versions (1.3) of Magento, however we are running 1.7. Here they are anyway for reference:
I’ve implemented 2 “fixes” so far - the first being a script which aggressively deletes unused session files, and the second being to disable APC on the server (as there seems to be a known issue with Zend and APC and session caching).
However this problem is still occurring.
I can’t enable the session validation settings as the client is using ebizmarts SagePay payment extension which explicitly requires these options to be disabled. I’ve opened a support thread with them but they haven’t been particularly helpful so far:
Is there anything else we can try to alleviate this problem?