View Issue Details

IDProjectCategoryView StatusLast Update
0002550OXID eShop (all versions)4.02. Session handlingpublic2011-07-01 15:55
Reporterjohnnymoped 
PriorityurgentSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.4.6 revision 32697 
Target VersionFixed in Version4.5.1 revision 38045 
Summary0002550: Session is lost in redirectAfterLogin() in account.php if SSL is enabled in Shop
DescriptionUser comes from Login and is then redirected to a non-SSL-page without force_sid-parameter.
=> Session gets lost
Steps To Reproduce- Basic-Shop Installation
- SSL in config is enabled
- User is logged out
- go to any product
- click on "Please login to access Wish List."
- Login-Page appears
- Login
- User is redirected to product-page and session is lost ("Please login to access Wish List." is still there)
Additional InformationIn views/account.php change row 0000245 [function redirectAfterLogin]

return oxUtils::getInstance()->redirect( $this->getConfig()->getSslShopUrl().'index.php?cl='.rawurlencode( $sSource ).$sParams );

to

return oxUtils::getInstance()->redirect( oxUtilsUrl::getInstance()->processUrl($this->getConfig()->getShopUrl().'index.php?cl='.rawurlencode( $sSource ).$sParams) );

processUrl() will add the right parameters to the URL that the session is not lost.
TagsNo tags attached.
ThemeBoth
BrowserAll
PHP Versionany
Database Versionany

Activities

coarsy

2011-04-12 12:52

reporter   ~0004357

Last edited: 2011-04-12 17:18

View 2 revisions

Can confirm this issue in 4.4.3 and 4.4.8.
The session gets only lost, if SSL is enabled.

The workaround above has no effect to this bug, the session is
still getting lost.

Would be very great, if this issue is fixed before the 4.5 release
of the eshop.

johnnymoped

2011-04-26 09:46

reporter   ~0004399

the workaround should add the force_sid-parameter to the redirect-url and therefore the session should be preserved.
what does the redirect-url look like in your case?
you may have another problem with the session.
one that took me a few days to find out is the facebook-like-box I had on every product-page.

coarsy

2011-04-29 12:02

reporter   ~0004419

Hi Johnny,

this is the complete url after the redirect:

http://www.meinestruempfe.de/index.php?cl=details&cnid=c2111d6f1e840252a1a7a9d5315d3d66&listtype=list&anid=63oe3246f744deb77e72b864cc66d0f5&force_sid=j0amci5l8lnrl0jt9pgbna1r81&redirected=1

It works correct, if i turn of ssl mode completely. Okay, will turn of the fb like button too, to get this worked as long as the 4.5 update is complete on my dev system.

coarsy

2011-04-29 12:06

reporter   ~0004420

Hi again,

i came along with deactivating the like button. And you are right, now the login works. Is there any solution to still use the like button in ssl mode?

coarsy

2011-05-23 10:20

reporter   ~0004640

Hi @ all,

changed the url in the fb_like.tpl to [{$oView->getCanonicalUrl()}]

[{if $oView->isActive('FbLike') && $oViewConf->getFbAppId()}]
<div class="fblike">
<fb:like href="[{$oView->getCanonicalUrl()}]" layout="button_count" show_faces="false" action="like" colorscheme="light"></fb:like>
</div>
[{/if}]

This did the job and the session didnt get lost anymore.
Because the former product url method has the force_sid parameter in it,
the session was destroyed on clicking back or redirecting to the product mainpage.

Best regards,

Chris

Arunas

2011-07-01 15:55

reporter   ~0004810

fixed