Checkout storing some users’ data and revealing it to next checkout visitor

  • Resolved jeremywendell

    (@jeremywendell)


    3 months ago

    I have read 2 posts on this, but our issue doesn’t appear to have the same cause (hosting cache). I have reached out to woo 3 times so far without response so am trying here for advice.

    In our WP/Woo ecommerce website, [ redundant link removed ], recently there are instances where a customer sees the previous customer’s personal details at checkout. These are customers on their own devices in different locations unknown to each other and the viewers of stored data that wasn’t theirs have emailed notifying us of the privacy breach. I have personally observed this twice making my own test purchases for other reasons, and have confirmed in the back end that the details are from the most recent customer. Stored data appears to delete after ~5-7 hours (in the single case i was able to watch for this). Fortunately, while addresses and contact info are stored, payment information was not. First time i saw this was Nov 21, the date WP 6.7.1 rolled out. I didn’t update immediately, but have now. Affected orders all processed by stripe (our default payment processor, so not necessarily unusual) so far. Stripe assures me that they can’t be causing this and that this is a woo issue. Hosting company assures me that they NEVER cache checkout data, and have also added checkout and cart explicitly as exclusions to the server cache. WP rockets assure me (with demonstration) that their software isn’t storing the data. I have placed test orders myself then go to the front end on a different device and/or private browser to see if data stored – so far all negative. As i can’t replicate this problem reliably (whenever i see a recent order i check if the checkout details are saved – mostly i’m at a total loss: website plugin troubleshooting obviously doesn’t work without being able to replicate the issue consistently. I am periodically checking for new orders on the website and then going to front end on incognito browser to see if personal data stored in checkout (but so far haven’t caught any except the two i saw coincidentally). Any advice on next steps to eradicate this troublesome, quirky and scary issue greatly appreciated

    Thanks in advance!

    jeremy

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator James Huff

    (@macmanx)

    I have reached out to woo 3 times so far without response

    I don’t see any attempts here https://www.ads-software.com/support/users/jeremywendell/topics/ , so I recommend trying at https://www.ads-software.com/support/plugin/woocommerce/

    threadi

    (@threadi)

    I would recommend that you first rule out all other plugins as the cause. The effect can be caused by many plugins, especially any caching plugin you are using. Deactivate all plugins and check whether the problem still occurs. You should actually be able to test it yourself by making entries in the checkout with 2 different devices.

    You are also using a commercial theme called Shoptimizer. This could also use internal caches that lead to this. I would recommend that you contact their support here: https://www.commercegurus.com/product/shoptimizer/ – questions about commercial products cannot be answered here in the forum.

    You are also using nginx as a web server. This can also have an internal cache / proxy that can lead to something like this. I would therefore also recommend that you contact your hoster’s support.

    Thread Starter jeremywendell

    (@jeremywendell)

    @macmanx , thank you. Woo’s bot did reply to my email to their support after I posted this (no useful info yet, but I’ll give it another day.

    @threadi, thank you for the suggestions. To clarify, I have used different devices and browsers to make test orders and then check the front end on a separate browser and/or device, and I cannot replicate the error: my details are never stored. However some other users’ details are. It appears to be infrequent, with 3 identified cases so far. Because my test orders have never replicated the problem, i don’t see how a plugin test will give me useful information: there never appears to be a problem with the test orders i place, yet 3 other users have had their data stored and displayed.

    I will contact Shoptimizer as you suggested and ask the hosting company about nginx. thank you for those suggestions!

    Moderator Support Moderator

    (@moderator)

    Thread continues at https://www.ads-software.com/support/topic/checkout-storing-some-users-data-and-revealing-it-to-next-checkout-visitor-2/

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Checkout storing some users’ data and revealing it to next checkout visitor’ is closed to new replies.