Smith Cart 2.96. Sequence:
- At DNN site, register as a new site user: JoeBlow.
- Buy something.
- Smith_Customer table shows a new row, CustomerID = 9, name and address information is all fine.
- Logout of DNN site.
- Register as a new site user: SallySwift.
- Buy something
- Smith_Customer table does NOT show a new row.
- Smtih_StoreOrders table shows a new row for Sally's purchase -- but it uses CustomerID = 9, which is Joe Blow's! :-( The ShipFirstName, ShipLastName, etc. fields all have Sally Swift's information in them, but the CustomerID is 9.
- Logout of DNN site.
- Close all browser windows.
- Restart browser, go to site, login as Sally Swift. Buy something.
- Smith_Customers table gets a new row, CustomerID = 10. Smith_StoreOrders gets a new row, with CustomerID = 10. Just fine.
It looks like the CustomerID is stored as part of the application's session state. It's as if the cart logic goes like this:
- Does the session state have a value for CustomerID?
- If yes, use that CustomerID no matter who the logged-in user is.
- If not, look up a row in Smith_Customers with a DNNLogin value equal to the current logged in user's DNN UserName.
- If found, use that CustomerID. If not, create a new CustomerID. Either way, store the CustomerID in session state.
This wouldn't be a problem except for computers that get used by multiple people -- e.g. a walk-up computer in a training room or meeting room at a business. If somebody buys something, then logs out of the DNN site, but does NOT close the browser, and then someone else comes up and logs into the DNN site, the cart will use the previous person's CustomerID.
Looks like a bug.