View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004011 | OXID eShop (all versions) | 4.02. Session handling | public | 2012-05-07 17:19 | 2012-06-05 17:20 |
Reporter | tjungcl | Assigned To | |||
Priority | high | Severity | crash | Reproducibility | always |
Status | resolved | Resolution | suspended | ||
Product Version | 4.6.0 revision 44406 | ||||
Summary | 0004011: Session Loss on Checkout, Login, Back | ||||
Description | Reproducible in demoshop, also in v 4.5.10. Put something in cart, view cart, go to step 2, login with password, press back. --> Browser asks for form-resubmit. --> Confirm and your cart is empty. | ||||
Additional Information | On logging in, the session ID is regenerated (oxcmp_user->_afterlogin). When that new generation of the ID is skipped, the back button doesn't empty the cart. Why is the new session ID necessary? It's not done on creating a new account or buying without account. | ||||
Tags | No tags attached. | ||||
Theme | Both | ||||
Browser | All | ||||
PHP Version | any | ||||
Database Version | any | ||||
related to | 0003694 | resolved | dainius.bigelis | Search forces new user session |
related to | 0003573 | resolved | dainius.bigelis | Basket Problem: If User use the "Back" Button of browser, then the page will not appear |
has duplicate | 0004959 | resolved | Linas Kukulskis | Duplicate sid Cookie on Checkout Register |
|
@Developers: I reproduce this issue when in the 2nd order step I choose to _register_ with password, fill in all required info, create an account and then in the 3rd order step I click the browser button BACK (and confirm the request for resubmitting the form). In this case the reloaded form in the 2nd order step is empty, and if I return to the 1st order step it shows that "The Shopping Cart is empty.". Able to reproduce that also on Patch 4.5.11. |
|
As for the register-step3-back-way: right, it happens there, too. But please, don't ignore my described use case, because there that regenerate-Session-Id happens and I don't know what for. |
|
Reminder sent to: tjungcl. Hi, thanks for your feedback about the issue. We checked the case and it looks like it's quite complicated. The regeneration of the session ID is implemented for security purposes. So when you click Back in the browser after the form is submitted, it tries to get the user back to the previous page WITH the previous session. That leads to such cases as described. One possible solution would be implementing the PRG pattern in eShop entirely, for all the forms, but that is also related to data handling during the order in various circumstances. So we tend to go for a more general solution for the entire shop. We included this task in our backlog, to solve that kind of issue in one of the further version releases. Entry here is closed. Best regards, |
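
The interaction discussed in this thread, as an added example that is not OXID eShop code and is not part of the original issue: a small Python model of session ID regeneration on login, with and without Post/Redirect/Get. The names `SessionStore`, `login_post` and `back_after_login` are hypothetical, and the model assumes that a replayed form submission still carries the old session ID and that the server starts a fresh, empty session for an ID it no longer knows.

```python
import secrets

class SessionStore:
    """In-memory model of server-side sessions keyed by session ID."""
    def __init__(self):
        self.data = {}

    def load(self, sid):
        # Assumption: an unknown or retired ID silently starts a fresh, empty session.
        if sid not in self.data:
            sid = secrets.token_hex(16)
            self.data[sid] = {"basket": [], "user": None}
        return sid, self.data[sid]

    def regenerate(self, old_sid):
        # Session-fixation defence: move the data to a new ID and retire the old one.
        new_sid = secrets.token_hex(16)
        self.data[new_sid] = self.data.pop(old_sid)
        return new_sid

def login_post(store, sid, user, use_prg):
    """Handle the step-2 login POST; sid is the ID the request carried."""
    sid, session = store.load(sid)
    session["user"] = user
    sid = store.regenerate(sid)
    if use_prg:
        # Post/Redirect/Get: browser history keeps the GET target, not the POST.
        return 303, sid, "/checkout/step3"
    return 200, sid, None

def back_after_login(use_prg):
    """Return the basket seen after pressing Back from the post-login page."""
    store = SessionStore()
    old_sid, session = store.load(None)
    session["basket"].append("constructed-item")  # constructed sample data
    status, new_sid, _ = login_post(store, old_sid, "alice", use_prg)
    if status == 303:
        # Back re-requests the step-2 page with GET and the current cookie.
        _, seen = store.load(new_sid)
    else:
        # Back replays the POST; assumption: the form data still carries old_sid.
        replay_sid = login_post(store, old_sid, "alice", use_prg)[1]
        _, seen = store.load(replay_sid)
    return seen["basket"]
```

In this model the regeneration itself keeps the basket; the basket is lost only when the stale ID is replayed, which is why PRG removes the symptom without dropping the fixation defence.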