cancel
Showing results for 
Search instead for 
Did you mean: 

Magento 2.3.3 - Customers able to see other Orders and Information

Magento 2.3.3 - Customers able to see other Orders and Information

We've had a report on our website that Registered Users are able to see Guest Users orders and information, granted so far its only been on a 1:1 scale so One Registered User can see One Guest Users information but this is still a massive issue on our side, the problem is we don't have a solution, we've looked into the database to see if there are any errors and we've been unsuccessful.

 

The Information thats being shown to the user:

  • Contact Information (Full name, Email)
  • Billing Address (Full name, Address, Postcode & Phone Number)
  • **bleep** & Phone Number)

These are all outlined in a "Recent Orders" tab which displays the Guests Orders under the Registered Users Order.

 

Frequent Occurrences: 

  1. Guest Users order is ALWAYS before the Registered Users.
  2. The Back-end always links the two orders together as if it was the same user

 

Things we've checked:

  1. Order Numbers are always different
  2. Database Entries are all the same as they was before this was happening (around the 17th December - We used a backup to check)

What we think the issue is:

We think the customers ID/Account has somehow merged with each other, is there a way for us to separate a bulk of the customers accounts in order to make sure they're unique entities within the database/backend?

1 REPLY 1

Re: Magento 2.3.3 - Customers able to see other Orders and Information

Make sure that varnish is not caching any dynamic routes, such as cart, customer, and sales. Dynamic routes should never be cached.