View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004959 | OXID eShop (all versions) | 4.02. Session handling | public | 2013-02-22 13:21 | 2013-02-22 16:14 |
| Reporter | mhaupt | Assigned To | |||
| Priority | high | Severity | major | Reproducibility | random |
| Status | resolved | Resolution | duplicate | ||
| Product Version | 4.6.5 revision 49955 | ||||
| Summary | 0004959: Duplicate sid Cookie on Checkout Register | ||||
| Description | Put something in cart, view cart, go to step 2 Register as new customer Fill the form and submit The Data is posted to the index.php which sends back cookie headers for the sid cookie with differen values. The rest of the cookie parameters is same between the two sid cookies. key value valid to domain path secure only_http sid 86rn4s2agstet89ipbbeish636 end of session / FALSE TRUE sid eaegch5rslp3usmjn9tggu41v5 end of session / FALSE TRUE This behaviour did not appear always, but it appears. If the browser decides for the wrong cookie, the customer is registered and redirected to the payment step with the wrong sid. In this case the basket could not be found and the customer is redirected again to the start page and the basket is empty. This duplicate cookies where seen with multiple different browser-engines. Seems to be related to session id regeneration in oxcmp_user->_afterlogin(). This behaviour was also reproduceable in in version 4.7.3 too. Related Issue: 0004011 Exists there any fix for that? Or is a fix planned for the next time? Is there any quickfix for that behaviour (except from not regenerate the session id on login) that we can apply so that our customers can register in checkout? | ||||
| Tags | No tags attached. | ||||
| Theme | Both | ||||
| Browser | All | ||||
| PHP Version | 5.3 | ||||
| Database Version | 5.5 | ||||
| duplicate of | 0004011 | resolved | vaidas.matulevicius | Session Loss on Checkout, Login, Back |
