Hi
We have a single report of a slightly nightmarish issue. A customer (I'll call them A) completed their booking and on the confirmation page saw a mixture of their details, another customer's order who was checking out at around the same time (B), and another customer's address who hasn't booked online for months (C).
The pages uses the session ID to take order details from GetOrder, customer details from LoginInfo, GetConstituentInfoEx and GetAccountInfo. I suspect that GetOrder returned customer B's order and GetConstituentInfoEx returned customer C's address.
This is going to be difficult to analyse as it has only apparently happened the once and is pretty much impossible to reproduce.
Has anyone else ever experienced such a thing?!
I should have said, this is still just using the SOAP API. We upgraded to v11 last week.
I'm not sure if it has anything to do with your case, but I do know that if a session isn't logged in you can potentially retrieve anyone's order info.