View Issue Details

IDProjectCategoryView StatusLast Update
0002263OXID eShop (all versions)1.09. Integrations: Facebook, Trusted Shops, Shop lupe, Econdapublic2012-12-07 14:35
Reportercsimon Assigned To 
Status resolvedResolutionfixed 
Product Version4.4.5 revision 31315 
Fixed in Version4.5.1 revision 38045 
Summary0002263: Session Problems with Facebook activated in CE/PE/EE
DescriptionWe encountered the Problem, that if facebook is enabled and you put a certain products from its detailspage in Basket and click on "Proceed to Checkout", the Basket is gone. We were able to reproduce this in all Demoshops.

If you deactivate Facebook, everything is fine, so it's definetly related to the facebook integration.
Steps To ReproduceFirefox:

1. Delete all Cookies (session, somain, path)
2. Navigate to (or community, or professional)
3. Click on "Purse GLAM" in Order to get its details page
4. Click "to basket"
5. In popup -> click "proceed to checkout"

result: empty basket.

However, we have in fact our shop working at a different subdomain, and there the problem doesn't occur.

PHP Versionany
Database Versionany



2010-12-16 10:12

reporter   ~0003821

Last edited: 2010-12-16 10:38

I found the source of this problem: facebook does a request if you put something to basket, this request contains the force_sid. This request leads to the destruction of the session, because the shop kills a session initiated with force_sid which comes from a different user agent.

In this case aTrustedIPs is a bad solution, because facebook IP ranges are friggin huge and change often.


I solved the problem:

fb_like.tpl containts this:

<fb:like href="[{$oProduct->getLink()}]" layout="box_count" show_faces="false" width="100" action="like" colorscheme="light"></fb:like>

getLink returns an URL with force_sid parameter -> url gets called -> session destroyed. If you strip the force_sid param, everything works fine.


2010-12-21 14:43

reporter   ~0003881

The issue occurs only when adding any product to basket for the first time. If you will go to basket (which is empty), then will add any other product to basket again - the second product will be shown in basket.


2011-01-25 14:56

reporter   ~0004013

You can fix this problem by yourself by changing "$oProduct->getLink()" to "$oView->getCanonicalUrl()". This fix will be published only in update package.


2011-06-07 15:05

reporter   ~0004704

@developers: debug on demoshop if this problem is really fixed. this problem can be reproduced on online demoshop 450, but i can not reproduce it on 450 version in vmware...


2011-06-08 08:21

reporter   ~0004706

You cannot reproduce it in VMWare because Facebook does a request to the url which is submitted in FBML (e.g. the one with force_sid) which breaks the session. In VMWare facebook cannot make a request, because your network is of course "private" and the demoshop is reachable through the internet.


2011-06-08 09:08

reporter   ~0004708

fixed in upcoming patch