Cart and user data is mixing up, leaking sessions

  • Resolved kevinpowertv

    (@kevinpowertv)


    4 years, 2 months ago

    Hello!

    I am on the latest version of WordPress and Woocommerce and I host with Kinsta. I have an issue where a user will add an item to the cart and begin the check out process only to find someone else’s information filled into the fields for the checkout page. This also happens with products in the cart. Other users products will be added or sometimes removed. It appears the user sessions are being cached and served to other users who are not logged in.

    Kinsta uses Nginx and they have already setup the cache bypass command for cart/account/checkout pages. I am not using any caching plugins at all.

    Cloudflare is being used to host DNS, but all proxies are off.

    Kinsta can’t figure this out. I can’t figure this out. I’m hoping for some help. Thank you!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support RK a11n

    (@riaanknoetze)

    Hi there,

    Just to make sure – are you seeing the same issue on a local instance of the website (meaning it’s sitting on a different server)? The reason I’m asking is that symptoms you’re describing are usually a result of caching.

    Also bear in mind that your hosting provider might need to whitelist additional ajax parameters as well: https://docs.woocommerce.com/document/configuring-caching-plugins/

    I’ve seen a similar issue with WooCommerce running on Kinsta with Cloudflare. I ended up dropping Cloudflare all together (not just turning proxies off) and the Nginx cache changes from Kinsta support resolved the issue for me.

    I also saw Let’s Encrypt certificate re-issue problems related to Cloudflare. Ultimately decided Cloudflare caused me more problems than it fixed.

    Thread Starter kevinpowertv

    (@kevinpowertv)

    Thanks for the replies.

    I have not tried this on a local machine because it’s almost impossible to reproduce. There has to be active traffic creating multiple sessions in order for the issue to show up.

    I will see about dropping Cloudflare. My site gets a ton of traffic, so I’m a bit worried about losing Cloudflares features.

    I saw the same issues on trying to reproduce the problem. It really only occurred on my high traffic sites.

    I was also concerned about losing some of the benefits of Cloudflare but having the SSL cert renewal fail and customers getting the “this site is insecure” warning combined with the leakage of PII from customers I couldn’t take anymore risks. Of course YMMV but I’ve had no issues after dropping Cloudflare. That was probably 6 months ago.

    Good luck.

    Plugin Support Tseten a11n

    (@tibetanitech)

    We haven’t heard back from you in a while, so I’m going to mark this as resolved – if you have any further questions, you can start a new thread.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Cart and user data is mixing up, leaking sessions’ is closed to new replies.