Details
- Type: Bug
- Status: Done/Fixed
- Priority: Major
- Resolution: Fixed/Completed
- Affects Version/s: 4.0.8
- Fix Version/s: 4.1.0
- Component/s: None
- Labels: None
Description
After a successful contribution, the credit card information is not deleted from the session.
- this allows a user to go back twice, and see the credit card information (even doing a manual "refresh" still shows the information)
- the credit card information is kept non-encrypted in the database (session table) until the session expires (can be up to 1-2 weeks)
While debugging with lobo on IRC, it seems that the code was there in 2.0, but was removed at some point, without explanation:
http://svn.civicrm.org/civicrm/branches/v2.0/CRM/Contribute/Form/Contribution/ThankYou.php
// can we blow away the session now to prevent hackery
$this->controller->reset( );
If I add the line back, it seems to work OK.