Customer group policy has no checks, possibly risky usage
pladodev opened this issue · 0 comments
pladodev commented
Hi,
I started implementing Turpentine in my shop when I tried this behaviour:
- Start a navigation session
- Create a customer_group cookie (Chrome -> Dev Options -> Application -> Cookie -> customer_group) with a valid ID
- Reload the page...
- Boom... I can see the prices that I'm not able to see as a non-logged-in user.
Same issue if you change the cookie and reload.
In my shop I have no public prices; only logged-in users with another customer_group can see them.
Is it possible to fix this with a Magento check per session?
Thanks
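
The report above shows the customer_group cookie being trusted exactly as the browser sends it. One way to make that value checkable, as an added example that is not Turpentine or Magento code and is written in Python to show the logic on its own: the application issues the group ID with an HMAC tag bound to the session ID, and whatever selects the price or page variant verifies the tag and otherwise falls back to the not-logged-in group. The key, the `<group_id>.<tag>` cookie format, the function names and guest group ID 0 are assumptions.

```python
import hashlib
import hmac

# Assumptions for this example: key, cookie format and all names are hypothetical.
SECRET_KEY = b"constructed-demo-key"  # constructed value; keep the real key server-side
GUEST_GROUP_ID = 0                    # assumed ID of the not-logged-in group


def _tag(session_id: str, group_id: int) -> str:
    """HMAC-SHA256 over session ID and group ID.

    Binding both means a tag cannot be reused for another group or
    replayed from a different session.
    """
    msg = f"{len(session_id)}:{session_id}|{group_id}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_group_cookie(session_id: str, group_id: int) -> str:
    """Value the application sets after login: '<group_id>.<tag>'."""
    return f"{group_id}.{_tag(session_id, group_id)}"


def effective_group(session_id: str, cookie_value) -> int:
    """Group ID to use when choosing prices or a cached page variant.

    A missing, malformed, tampered or replayed cookie yields the guest group.
    """
    if not cookie_value or "." not in cookie_value:
        return GUEST_GROUP_ID          # covers a bare ID such as "4"
    raw_id, _, tag = cookie_value.partition(".")
    if not (raw_id.isascii() and raw_id.isdigit()):
        return GUEST_GROUP_ID
    group_id = int(raw_id)
    expected = _tag(session_id, group_id)
    # Constant-time comparison on bytes (also safe for non-ASCII input).
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return group_id
    return GUEST_GROUP_ID
```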