Serious security issue on ba.com - showing bookings for previously logged in user
#1
Original Poster
Join Date: Feb 2013
Location: London, UK
Programs: BAEC Silver, ITA Club Executive, Hilton Gold, Marriott Gold
Posts: 3,599
We were making some bookings this morning using my laptop, using both my and MOH's accounts and I now find myself in a situation in which my bookings are shown after clearly logging out and logging in again using MOH's account.
I imagine this is related to some cookie/session information stored in the browser, but it seems pretty serious to me, no matter if it's within the same browser session.
#2
FlyerTalk Evangelist
Join Date: Aug 2002
Location: London
Programs: Mucci. Nothing else matters.
Posts: 38,644
The previous discussion about this suggests that it's a caching issue: Issues, bugs and glitches on ba.com website [Please keep thread clutter-free!]
I think it would be more serious if it persisted beyond a particular browser session, but it doesn't sound like that's what you're seeing.
#3
Join Date: Aug 2006
Location: Switzerland
Posts: 1,591
Yeah, I'd hope it was a caching issue and not one of cookies failing to delete after logging out. You could try deleting your browser cache and trying again.
I believe it's still a BA issue though, as the cache should have been marked as expired and/or invalid (I'm not a web developer!).
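The point in reply #3, that cached pages should have been marked as expired or invalid, comes down to the Cache-Control headers a site sends with per-user pages. The following is an added example, not part of the thread and not BA's code: a Python check that audits response headers of an authenticated page for cacheability. The function names and the sample headers are constructed for illustration.

```python
# Added example: audit the caching headers of a response that carries
# per-user data (e.g. a "my bookings" page). Names here are hypothetical.

def parse_cache_control(value):
    """Parse a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in (value or "").split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_authenticated_response(headers):
    """Return a list of findings; an empty list means nothing may be cached."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    if "no-store" in cc:
        return []  # never written to any cache, so nothing to replay later
    findings = ["missing no-store: the browser may keep a copy of this page"]
    if "public" in cc:
        findings.append("public: shared caches may serve this page to other users")
    elif "private" not in cc:
        findings.append("no private directive: shared caches may store this page")
    if "no-cache" not in cc and cc.get("max-age") != "0":
        findings.append("cached copy can be reused without revalidation after logout")
    return findings


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "cacheable by anyone": {"Cache-Control": "public, max-age=600"},
    "browser-only cache": {"Cache-Control": "private, max-age=300"},
    "no caching headers": {"Content-Type": "text/html"},
    "hardened": {"Cache-Control": "no-store", "Pragma": "no-cache"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        result = audit_authenticated_response(hdrs)
        print(f"{label}: {'OK' if not result else ''}")
        for finding in result:
            print(f"  - {finding}")
```

A response that passes this check cannot be replayed from cache to the next person who logs in on the same browser; it says nothing about whether the server-side session was correctly ended at logout.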
#4
Original Poster
Join Date: Feb 2013
Location: London, UK
Programs: BAEC Silver, ITA Club Executive, Hilton Gold, Marriott Gold
Posts: 3,599
Regardless of what the root cause is (I didn’t have enough time to investigate), no one should see someone else’s bookings and booking references when logging in. It is clearly an application issue, as in not a browser issue.