View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002263 | OXID eShop (all versions) | 1.09. Integrations: Facebook, Trusted Shops, Shop lupe, Econda | public | 2010-12-16 09:04 | 2012-12-07 14:35 |
| Reporter | csimon | Assigned To | |||
| Priority | urgent | Severity | block | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 4.4.5 revision 31315 | ||||
| Fixed in Version | 4.5.1 revision 38045 | ||||
| Summary | 0002263: Session Problems with Facebook activated in CE/PE/EE | ||||
| Description | We encountered the Problem, that if facebook is enabled and you put a certain products from its detailspage in Basket and click on "Proceed to Checkout", the Basket is gone. We were able to reproduce this in all Demoshops. If you deactivate Facebook, everything is fine, so it's definetly related to the facebook integration. | ||||
| Steps To Reproduce | Firefox: 1. Delete all Cookies (session, somain, path) 2. Navigate to http://demoshop.oxid-esales.com/enterprise-edition/ (or community, or professional) 3. Click on "Purse GLAM" in Order to get its details page 4. Click "to basket" 5. In popup -> click "proceed to checkout" result: empty basket. However, we have in fact our shop working at a different subdomain, and there the problem doesn't occur. | ||||
| Tags | |||||
| Theme | Both | ||||
| Browser | All | ||||
| PHP Version | any | ||||
| Database Version | any | ||||
|
|
I found the source of this problem: facebook does a request if you put something to basket, this request contains the force_sid. This request leads to the destruction of the session, because the shop kills a session initiated with force_sid which comes from a different user agent. In this case aTrustedIPs is a bad solution, because facebook IP ranges are friggin huge and change often. edit: I solved the problem: fb_like.tpl containts this: <fb:like href="[{$oProduct->getLink()}]" layout="box_count" show_faces="false" width="100" action="like" colorscheme="light"></fb:like> getLink returns an URL with force_sid parameter -> url gets called -> session destroyed. If you strip the force_sid param, everything works fine. |
|
|
The issue occurs only when adding any product to basket for the first time. If you will go to basket (which is empty), then will add any other product to basket again - the second product will be shown in basket. |
|
|
You can fix this problem by yourself by changing "$oProduct->getLink()" to "$oView->getCanonicalUrl()". This fix will be published only in update package. |
|
|
@developers: debug on demoshop if this problem is really fixed. this problem can be reproduced on online demoshop 450, but i can not reproduce it on 450 version in vmware... |
|
|
You cannot reproduce it in VMWare because Facebook does a request to the url which is submitted in FBML (e.g. the one with force_sid) which breaks the session. In VMWare facebook cannot make a request, because your network is of course "private" and the demoshop is reachable through the internet. |
|
|
fixed in upcoming patch |
