Superstar website – wtf is going on?
rob jackson – Member
Click on a product – adds to my basket, go to check out and another guy’s details, and then adds another product when I re-log in!
POSTED 36 MINUTES AGO
mikewsmith – Member
see the other thread but I assume you have told them?
POSTED 32 MINUTES AGO
rob jackson – Member
Not yet, as I have just ordered my parts
“I haven’t taken the time to speak to the retailer in question but have gone on social media and a forum to spread the allegedly bad news before alerting them to a potential issue and giving reasonable opportunity to resolve it.”
Posted 3 years ago
Ok. Here is what I think is happening.
When you log on to Superstar it tries to set a session cookie. If it can’t set a cookie (because you are blocking them), then it puts the session data in the URL as query strings e.g.
With Cookies – http://superstar.tibolts.co.uk/account_history_info.php
The osCid is the important part (obviously scrambled in this example).
If someone then posts the second URL on the internet, and a logged in user who is allowing cookies then clicks on that link, they get the page, the server sets a cookie, and they become the user.
There should be some sort of page state management in their PHP code to stop this (I am not a developer, so this could be the wrong term).
Posted 3 years ago
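An added example, not part of the original thread or of Superstar's code: a log check for the situation described in the post above, where a session ID carried in a URL ends up being used by more than one visitor. The parameter name `osCid` is taken from the post; the log lines, addresses and the `shared_session_ids` helper are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

SESSION_PARAM = "osCid"  # name as written in the post (assumption); adjust to the real one

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2014:10:00:01 +0000] "GET /account_history_info.php?osCid=aaa111 HTTP/1.1" 200 512 "-" "Firefox/27.0"
203.0.113.10 - - [01/Mar/2014:10:00:09 +0000] "GET /checkout.php?osCid=aaa111 HTTP/1.1" 200 734 "-" "Firefox/27.0"
198.51.100.7 - - [01/Mar/2014:10:05:42 +0000] "GET /account_history_info.php?osCid=aaa111 HTTP/1.1" 200 512 "http://forum.example/topic/1" "Chrome/33.0"
192.0.2.44 - - [01/Mar/2014:10:06:00 +0000] "GET /index.php?osCid=bbb222 HTTP/1.1" 200 300 "-" "Safari/7.0"
192.0.2.44 - - [01/Mar/2014:10:06:30 +0000] "GET /index.php HTTP/1.1" 200 300 "-" "Safari/7.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def shared_session_ids(log_text, param=SESSION_PARAM):
    """Return {session_id: sorted list of (ip, user_agent)} for every session ID
    that arrived in a URL from more than one distinct client."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        query = parse_qs(urlsplit(m["target"]).query)
        for sid in query.get(param, []):
            clients[sid].add((m["ip"], m["agent"]))
    return {sid: sorted(c) for sid, c in clients.items() if len(c) > 1}

if __name__ == "__main__":
    for sid, seen in shared_session_ids(SAMPLE_LOG).items():
        print(f"session ID {sid} used by {len(seen)} clients: {seen}")
```

A client whose IP address changes mid-session will also show up, so treat hits as leads to review rather than proof.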
From the OP on this thread that doesn’t seem to be the case – he’s not clicking through a link to buy something, just using the site
I suspect he clicked through on the (now removed) link on the chainring thread: http://singletrackworld.com/forum/topic/superstar-narrow-wide-for-those-who-cant-wait
Posted 3 years ago
munrobiker – Member
Rob, why are you ordering their shoddy, unreliable, badly made, poor quality, ugly, dangerous tat anyway?
As punishment for that (and for harvesting unsuspecting customers’ details on their unsafe, shoddy, ugly, dangerous website) I’m not riding with you until the bits you buy have worn out. In about October.
Posted 3 years ago
No, I didn’t – fresh visit to the site
It definitely works though. Just created a test account. If you get the session ID, and that person didn’t log off, then you can fill your boots.
Fancy some disk rotors?:
Posted 3 years ago
The topic ‘Superstar website – wtf is going on?’ is closed to new replies.