|
MR DECLAN J MAIR
|
November 15, 2020 at 4:49 am
Hi,
I’ve just had an email from a user booking an event. In the booking process another users details were populated – showing all their details (Big GDPR breach).
Having looked at the registrations, it would seem the person who has booked and paid has had their booking assigned to the other user…
Very concerning please help.
|
|
Tony
|
November 16, 2020 at 5:16 am
Hi Declan,
Was the user logged into the site when they registered?
Can you link me to the event in question so I can take a look?
(You can mark your reply private so only EE staff can view if preferred)
|
|
MR DECLAN J MAIR
|
November 16, 2020 at 6:02 am
This reply has been marked as private.
|
|
Tony
|
November 16, 2020 at 9:12 am
Ok, pretty much the only way I can think for that to happen is caching.
Do you have any caching plugins installed?
Does your host have any server-side caching enabled?
|
|
MR DECLAN J MAIR
|
November 16, 2020 at 9:19 am
Hi tony, yes there is caching.
I use the SG Optimizer. The EE pages are excluded from the cache.
There is server side caching too.
|
|
Tony
|
November 16, 2020 at 12:16 pm
Do you have memcached enabled? If so disable it.
There are multiple different types of caching and if your caching the requests that would be sent for the data EE uses on the checkout you’ll get the above.
You need to make sure nothing within EE is cached, we already set a bunch of no-cache headers and constants, if those are ignored and objects cached the above can happen.
What have you set for EE’s cache exclusions?
|
|
MR DECLAN J MAIR
|
November 17, 2020 at 3:22 am
Hi Tony,
Memcached is disabled.
Heres the pages excluded from caching:
/thank-you/
/registration-cancelled/
/log-in/
/transactions/
/my-bookings/
/registration-checkout/
Thanks,
Declan
|
