Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Order Confirmation Emails include Session ID of different user
 
WhoIsGregg
Member
 
Total Posts:  64
Joined:  2008-09-02
Tampa, Florida
 

Just had a customer complaint. They forwarded their order confirmation email and the link to “logging into your account” has a SID appended to the URL of a different user.

Completely signs them in as the other user and they can view and edit email, address information, place reorders, etc. etc.

Maybe this will be a reason for finally allowing SIDs in URLs to be completely disabled if we so choose?

>.<

 
Magento Community Magento Community
Magento Community
Magento Community
 
nileco
Sr. Member
 
Avatar
Total Posts:  79
Joined:  2008-10-29
Virginia
 

I had the same issue and solved it by doing two things:

1. Under System-Configuration-Catalog- change ‘Use categories path for product URLs” to ‘No”.

2. Add a section to your .htaccess file that redirects all traffic from non-www to www or vise-versa.
ex.
RewriteCond %{HTTP_HOST} ^domainname.com
RewriteRule (.*) http://www.domainname.com/$1 [R=301,L]

There are threads that you can find by searching for “SID link”

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top