View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005584||OXID eShop (all versions)||4.11. Image handling||public||2013-12-19 17:23||2016-04-07 16:55|
|Product Version||4.8.1 / 5.1.1|
|Target Version||Fixed in Version|
|Summary||0005584: User sessions are killed|
|Description||After browsing in a shop after some time user is logged off.|
|Steps To Reproduce||Might be possible to reproduce in regular environment, but we test on a system running Varnish in front and two web servers.|
1. open the shop, browse a bit;
2. log in and browse a bit again;
3. delete the contents of folder "out/pictures/generated/"
4. restart varnish;
5. you should be logged out after next few clicks.
|Additional Information||The problem is - image generator. for some reason it kills previous session and sends new cookie with new session id, but after click browser does not send new, send old cookie.|
P.S. for details - contact me or Saulius S.
|Tags||No tags attached.|
|PHP Version||Not defined|
|Database Version||Not defined|
Can be fixed by modifying .htaccess:
RewriteRule (\.jpe?g|\.gif|\.png)$ getimg.php
RewriteRule (\.jpe?g|\.gif|\.png)$ getimg.php?skipSession=1
to reproduce it it might be important that you enable
blForceSessionStart in config.inc.php
because this kind of problems you will always get if you remove session information from a request (see vcl "oxNormalizeRequestRecv" at the end cookies are doped for static files) but the request will create a new session.
btw for high performance sites it is NOT recommend to set blForceSessionStart to true.