View Issue Details

IDProjectCategoryView StatusLast Update
0004959OXID eShop (all versions)4.02. Session handlingpublic2013-02-22 16:14
Reportermhaupt Assigned To 
PriorityhighSeveritymajorReproducibilityrandom
Status resolvedResolutionduplicate 
Product Version4.6.5 revision 49955 
Summary0004959: Duplicate sid Cookie on Checkout Register
DescriptionPut something in cart, view cart, go to step 2
Register as new customer
Fill the form and submit
The Data is posted to the index.php which sends back cookie headers
for the sid cookie with differen values. The rest of the cookie
parameters is same between the two sid cookies.

key value valid to domain path secure only_http
sid 86rn4s2agstet89ipbbeish636 end of session / FALSE TRUE
sid eaegch5rslp3usmjn9tggu41v5 end of session / FALSE TRUE

This behaviour did not appear always, but it appears. If the browser
decides for the wrong cookie, the customer is registered and redirected
to the payment step with the wrong sid. In this case the basket could
not be found and the customer is redirected again to the start page and
the basket is empty.

This duplicate cookies where seen with multiple different browser-engines.

Seems to be related to session id regeneration in oxcmp_user->_afterlogin().

This behaviour was also reproduceable in in version 4.7.3 too.

Related Issue: 0004011

Exists there any fix for that? Or is a fix planned for the next time?
Is there any quickfix for that behaviour (except from not regenerate
the session id on login) that we can apply so that our customers can register
in checkout?
TagsNo tags attached.
ThemeBoth
BrowserAll
PHP Version5.3
Database Version5.5

Relationships

duplicate of 0004011 resolvedvaidas.matulevicius Session Loss on Checkout, Login, Back 

Activities

There are no notes attached to this issue.