Click on a product – adds to my basket, go to check out and another guys details, and then adds another product when i re-log in!

see the other thread but I assume you have told them?

not yet as i have just ordered my parts

I just posted it on their facebook but I’d assume based on the other thread that other people are currently looking at your account too.

Clear any cookies the website has set for a start.

I think they’ve had this problem before haven’t they?

Amazing:

rob jackson – Member
Click on a product – adds to my basket, go to check out and another guys details, and then adds another product when i re-log in!

POSTED 36 MINUTES AGO # REPORT-POST
mikewsmith – Member
see the other thread but I assume you have told them?

POSTED 32 MINUTES AGO # REPORT-POST
rob jackson – Member
not yet as i have just ordered my parts

“I haven’t taken the time to speak to the retailer in question but have gone on social media and a forum to spread the allegedly bad news before alerting them to a potential issue and giving reasonable opportunity to resolve it.”

Ok. Here is what I think is happening.

When you log on to Superstar it tries to set an session cookie. If it can’t set a cookie (because you are blocking them), then it puts the session data in the URL as query strings e.g.

With Cookies – http://superstar.tibolts.co.uk/account_history_info.php

becomes:

Without Cookies – http://superstar.tibolts.co.uk/account_history_info.php?order_id=xxxxxxx&osCsid=6x7x8x2xhxmxfxvx2xuxjx5xdx

The osCid is the important part (obviously scrambled in this example).

If someone then posts the second URL on the internet, and a logged in user who is allowing cookies then clicks on that link, they get the page, the server sets a cookie, and they become the user.

I think.

There should be some sort of page state management in their php code to stop this (I am not a developer, so this could be the wrong term).

andyrm – to stop other users trying to buy in the meantime smart arse whilst i report it

andyrm – to stop other users trying to buy in the meantime smart arse whilst i report it

Cheer up mate. No need for that 🙂 Sun’s shining.

This happened before when the site got busy when they sold off all the KS stuff.

It’s a crap design that doesn’t scale, basically, I’m not sure it’s cookie related as I’ve had the problem and allow them.

Fruit promised everyone it was fixed after the last time 🙄

School boy error from the developer. Must be pretty embarrassing for them right now…

Fruit promised everyone it was fixed after the last time

About what you would expect from their CS/BS and warranty division 😉

From the OP on this thread that doesn’t seem to be the case – he’s not clicking through a link to buy something, just using the site.

And that’s more concerning because you don’t have to have posted a link to anything for your details to be compromised.

From the OP on this thread that doesn’t seem to be the case – he’s not clicking through a link to buy something, just using the site

I suspect he clicked through on the (now removed) link on the chainring thread: http://singletrackworld.com/forum/topic/superstar-narrow-wide-for-those-who-cant-wait

no i didn’t – fresh visit to the site

Rob, why are you ordering their shoddy, unreliable, badly made, poor quality, ugly, dangerous tat anyway?

As punishment for that (and for harvesting unsuspecting customer’s details on their unsafe, shoddy, ugly, dangerous website) I’m not riding with you until the bits you buy have worn out. In about October.

was a gift for you 🙁

I think they’re just trying to covertly shift more dead stock in your direction.

“Hang on – purple bar ends? I didn’t order these! And apparently I paid full price too!”

Neil from superstar is still the only person on planet earth I would happily punch.

Do I detect some sexual tension between the two of you ? …. 😆

no i didn’t – fresh visit to the site

I see.

It definitely works though. Just created a test account. If you get the session ID, and that person didn’t log off, then you can fill your boots.

Fancy some disk rotors?:

http://superstar.tibolts.co.uk/shopping_cart.php?osCsid=h623khs9aogfbnffm6oevqntn7

Thanks, just added a couple of bits to ‘your’ order. Please let me know when they arrive 🙂

The only information that seems to be there is the basket information, if try to check the account or proceed to check out it asks you to log in. At least that’s what it’s done for me when I’ve tested it.

Someone had logged out the account (which is worrying, because you would hope that would deep six the session).

Try it now.

I ordered a set of brake pads once and ended up with 2 pairs of nano tech pedals, result 8)