View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0002550 | OXID eShop (all versions) | 4.02. Session handling | public | 2011-02-22 15:22 | 2011-07-01 15:55 |
Reporter | johnnymoped | Assigned To | |||
Priority | urgent | Severity | major | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 4.4.6 revision 32697 | ||||
Fixed in Version | 4.5.1 revision 38045 | ||||
Summary | 0002550: Session is lost in redirectAfterLogin() in account.php if SSL is enabled in Shop | ||||
Description | User comes from Login and is then redirected to a non-SSL-page without force_sid-parameter. => Session gets lost | ||||
Steps To Reproduce | - Basic-Shop Installation - SSL in config is enabled - User is logged out - go to any product - click on "Please login to access Wish List." - Login-Page appears - Login - User is redirected to product-page and session is lost ("Please login to access Wish List." is still there) | ||||
Additional Information | In views/account.php change row 0000245 [function redirectAfterLogin] `return oxUtils::getInstance()->redirect( $this->getConfig()->getSslShopUrl().'index.php?cl='.rawurlencode( $sSource ).$sParams );` to `return oxUtils::getInstance()->redirect( oxUtilsUrl::getInstance()->processUrl($this->getConfig()->getShopUrl().'index.php?cl='.rawurlencode( $sSource ).$sParams) );` processUrl() will add the right parameters to the URL so that the session is not lost. | ||||
Tags | No tags attached. | ||||
Theme | Both | ||||
Browser | All | ||||
PHP Version | any | ||||
Database Version | any | ||||
|
Can confirm this issue in 4.4.3 and 4.4.8. The session only gets lost if SSL is enabled. The workaround above has no effect on this bug; the session is still getting lost. It would be great if this issue is fixed before the 4.5 release of the eShop. |
|
The workaround should add the force_sid parameter to the redirect URL, and therefore the session should be preserved. What does the redirect URL look like in your case? You may have another problem with the session. One that took me a few days to find out is the Facebook like box I had on every product page. |
|
Hi Johnny, this is the complete URL after the redirect: http://www.meinestruempfe.de/index.php?cl=details&cnid=c2111d6f1e840252a1a7a9d5315d3d66&listtype=list&anid=63oe3246f744deb77e72b864cc66d0f5&force_sid=j0amci5l8lnrl0jt9pgbna1r81&redirected=1 It works correctly if I turn off SSL mode completely. Okay, will turn off the FB like button too, to get this working as long as the 4.5 update is complete on my dev system. |
|
Hi again, I came along with deactivating the like button. And you are right, now the login works. Is there any solution to still use the like button in SSL mode? |
|
Hi @ all, changed the URL in the fb_like.tpl to `[{$oView->getCanonicalUrl()}]`: `[{if $oView->isActive('FbLike') && $oViewConf->getFbAppId()}] <div class="fblike"> <fb:like href="[{$oView->getCanonicalUrl()}]" layout="button_count" show_faces="false" action="like" colorscheme="light"></fb:like> </div> [{/if}]` This did the job and the session didn't get lost anymore. Because the former product URL method has the force_sid parameter in it, the session was destroyed on clicking back or redirecting to the product main page. Best regards, Chris |
|
fixed |
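
The thread traces the second cause to a product URL that carried force_sid being used as the href of a third-party like button. As an added illustration (not OXID code and not from this thread), the helper below strips session parameters from any URL before it is handed to such a widget. The function name, the sample URL and the extra `sid` key are assumptions.

```php
<?php
// Added example, not OXID code: remove session identifiers from a URL
// before it is embedded in a third-party widget or share link.

/**
 * @param string   $url         absolute or relative URL
 * @param string[] $sessionKeys query parameters that carry a session id
 *                 ('force_sid' is from the issue; 'sid' is an assumption)
 */
function stripSessionParams(string $url, array $sessionKeys = ['force_sid', 'sid']): string
{
    // Template output is often HTML-escaped; normalise "&amp;" first.
    $url = str_replace('&amp;', '&', $url);

    // Split off the fragment so it is preserved untouched.
    $fragment = '';
    if (($pos = strpos($url, '#')) !== false) {
        $fragment = substr($url, $pos);
        $url = substr($url, 0, $pos);
    }

    $parts = explode('?', $url, 2);
    if (count($parts) < 2 || $parts[1] === '') {
        return $parts[0] . $fragment;
    }

    // Filter pair by pair instead of parse_str(), which would rewrite
    // keys and collapse duplicate parameters.
    $kept = [];
    foreach (explode('&', $parts[1]) as $pair) {
        if ($pair === '') {
            continue;
        }
        $key = urldecode(explode('=', $pair, 2)[0]);
        if (!in_array($key, $sessionKeys, true)) {
            $kept[] = $pair;
        }
    }

    return $parts[0] . ($kept ? '?' . implode('&', $kept) : '') . $fragment;
}

// Constructed sample URL (placeholder host and session id).
$withSid = 'http://shop.example/index.php?cl=details&anid=abc123&force_sid=PLACEHOLDERSID&redirected=1';
echo stripSessionParams($withSid), PHP_EOL;
```

Only URLs that leave the shop's own navigation (social widgets, canonical links, outgoing mail) should pass through such a filter, since the redirect in redirectAfterLogin() relies on force_sid being present.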