Hi
I know, I cannot see how it would be Cloudflare OR WP Super Cache OR any caching system that is at fault, as IP addresses are not cached into form variables OR should not be.
The payment form hidden inputs contain things like the purchase amount & details on the product. The button generator THAT s2 provides does NOT as far as I can see generate elements for an IP address and I don't see why it would.
Also when you go to PayPals payment page I am sure they are not silly enough EVEN if you did pass an IP address in the form inputs to take that as the Clients IP address anyway.
They would obviously want the REAL IP address not some form value that had been passed to it e.g "Please believe this value as the IP address not what HTTP tells you - so to speak" - for their own reporting and so on, they would need the real IP address of the client making the HTTP request.
So they would look at the HTTP headers and see the clients Remote_Addr / X-Forwarded-For etc.
Also as they are no longer on MY server anymore (e.g PayPals payment page is not being cached by CloudFlare / WordPress caching) they would not even see a Cloudlfare IP Range address making the request either.
Therefore I cannot see how caching can be the problem and I have to yet to had a proper technical explanation of how it could be.
It's the same as if I had just come to this webpage from a heavily cached page on ANY site. This site would be looking at the HTTP headers and getting the IP address from my computer/server/network NOT the referrers IP address.
That is the only thing I can thing off, that somehow - for some reason PayPal has taken the referrers IP - but even then that would be my Servers IP address NOT my works computer that accesses the server.
I cannot find any documentation or details anywhere about any caching system that would embedd the "last users" IP address into the caching system they use as that is what we are saying - that I, as the first person to ever test the payment system (which I was), somehow had my IP address embedded into the page so that a future user when clicking the button passed MY details along to PayPal.
Apart from how this doesn't make sense - UNLESS s2 Member are doing something I don't understand as it can only be there plugin that would be doing this. I cannot see how the 1st payment (from a few years ago - as this member got User:1 on his PayPal payment page) would still be in any cache ANYWAY - as it is so long ago it would have been flushed many times.
-He wasn't logged in (new member)
-Says he just clicked a standard button on my page - that many people have used, which I checked
-Yet he somehow manages to supply the details of the first ever person to ever make a payment through s2 member (me - userId: 1 and with my office IP address as his own)
A technical explanation of what s2 member embedds into their buttons when they encrypt them e.g DO they embedd IP / user details into the buttons is what I need as it can only be their code that would be doing something like this, as caching or not a non logged in user shouldn't be passing these details along.
It would be great if this was explained to me in a technical way as it doesn't add up at the moment.
Thanks