Paypal Express not logging out account after payment completed?
dsstrainer
#1 Posted : Friday, July 23, 2010 11:47:55 AM
So this is a pretty big security issue that I assume PayPal needs to address.

If you check out with PayPal Standard from an ecommerce cart like Zen Cart:
1. You click the confirm button
2. You are taken to PayPal to log in
3. You are taken to a page where you confirm the payment
4. You are taken to the success and redirect screen
5. You are returned to the store's success page.

If you open a new tab after Step 3 but before Step 4 and type "paypal.com", you are taken to your logged-in account.
This is absolutely fine since you just logged in.

If you open a new tab after Step 5 and type "paypal.com", you are required to log in again.
This is good since you don't expect your account to be open anymore, since it was only logged in for the payment.


BUT when using PayPal Express, after the DoExpressPayment is called, PayPal should be killing its own cookie for the session.
But I am still able to open a new tab and type "paypal.com" and my account is still left open.

I don't see any field to be passed to force a logout after payment is made, so I assume that this is something that PayPal is supposed to be doing but isn't.