View Issue Details

IDProjectCategoryView StatusLast Update
0002263OXID eShop (all versions)1.09. Integrations: Facebook, Trusted Shops, Shop lupe, Econdapublic2012-12-07 14:35
Reportercsimon Assigned To 
PriorityurgentSeverityblockReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.4.5 revision 31315 
Fixed in Version4.5.1 revision 38045 
Summary0002263: Session Problems with Facebook activated in CE/PE/EE
DescriptionWe encountered the Problem, that if facebook is enabled and you put a certain products from its detailspage in Basket and click on "Proceed to Checkout", the Basket is gone. We were able to reproduce this in all Demoshops.

If you deactivate Facebook, everything is fine, so it's definetly related to the facebook integration.
Steps To ReproduceFirefox:

1. Delete all Cookies (session, somain, path)
2. Navigate to http://demoshop.oxid-esales.com/enterprise-edition/ (or community, or professional)
3. Click on "Purse GLAM" in Order to get its details page
4. Click "to basket"
5. In popup -> click "proceed to checkout"

result: empty basket.

However, we have in fact our shop working at a different subdomain, and there the problem doesn't occur.

TagsFacebook
ThemeBoth
BrowserAll
PHP Versionany
Database Versionany

Activities

csimon

2010-12-16 10:12

reporter   ~0003821

Last edited: 2010-12-16 10:38

I found the source of this problem: facebook does a request if you put something to basket, this request contains the force_sid. This request leads to the destruction of the session, because the shop kills a session initiated with force_sid which comes from a different user agent.

In this case aTrustedIPs is a bad solution, because facebook IP ranges are friggin huge and change often.

edit:

I solved the problem:

fb_like.tpl containts this:

<fb:like href="[{$oProduct->getLink()}]" layout="box_count" show_faces="false" width="100" action="like" colorscheme="light"></fb:like>

getLink returns an URL with force_sid parameter -> url gets called -> session destroyed. If you strip the force_sid param, everything works fine.

dainius.bigelis

2010-12-21 14:43

reporter   ~0003881

The issue occurs only when adding any product to basket for the first time. If you will go to basket (which is empty), then will add any other product to basket again - the second product will be shown in basket.

arvydas_vapsva

2011-01-25 14:56

reporter   ~0004013

You can fix this problem by yourself by changing "$oProduct->getLink()" to "$oView->getCanonicalUrl()". This fix will be published only in update package.

birute_meilutyte

2011-06-07 15:05

reporter   ~0004704

@developers: debug on demoshop if this problem is really fixed. this problem can be reproduced on online demoshop 450, but i can not reproduce it on 450 version in vmware...

csimon

2011-06-08 08:21

reporter   ~0004706

You cannot reproduce it in VMWare because Facebook does a request to the url which is submitted in FBML (e.g. the one with force_sid) which breaks the session. In VMWare facebook cannot make a request, because your network is of course "private" and the demoshop is reachable through the internet.

Arunas

2011-06-08 09:08

reporter   ~0004708

fixed in upcoming patch