Accidentally, a customer can see another customer's information and breach the privacy!

10 months ago
Hi,
I have used Nop 3.9. I moved all files and DB from the old host to a new one.
I am involved in a strange issue which I have seen sometimes and it is really weird.
When some customers go to the checkout page, they see the billing addresses of another customer in the combo box! The information is usually related to the earlier customers who placed an order.
I checked all the code and everything is OK:

            //existing addresses
            var addresses = _workContext.CurrentCustomer.Addresses
                .Where(a => a.Country == null ||
                    (//published
                    a.Country.Published &&
                    //allow billing
                    a.Country.AllowsBilling &&
                    //enabled for the current store
                    _storeMappingService.Authorize(a.Country)))
                .ToList();

            foreach (var address in addresses)
            {
                var addressModel = new AddressModel();
                _addressModelFactory.PrepareAddressModel(addressModel,
                    address: address,
                    excludeProperties: false,
                    addressSettings: _addressSettings);
                model.ExistingAddresses.Add(addressModel);
            }

When the customer refreshes the page, he sees the correct information and his shipping address.
It is a serious issue and breaches the privacy.
It seems the CurrentCustomer changed. But when I refresh the page, the correct addresses are fetched.
Is there any issue related to Cookies?

Thanks for any idea

Thanks
10 months ago
Please don't duplicate topics
https://www.nopcommerce.com/boards/topic/81441/load-the-another-customers-information
10 months ago
Hi New York,
I guess the Security group is the best place to talk about the issue.
I did your solution, but unfortunately, the issue is not fixed.
Any other idea?