View Issue Details

IDProjectCategoryView StatusLast Update
0005584OXID eShop (all versions)4.11. Image handlingpublic2016-04-07 16:55
Reporterarvydas_vapsva 
PriorityurgentSeveritycriticalReproducibilitysometimes
Status acknowledgedResolutionopen 
Product Version4.8.1 / 5.1.1 
Target VersionFixed in Version 
Summary0005584: User sessions are killed
DescriptionAfter browsing in a shop after some time user is logged off.
Steps To ReproduceMight be possible to reproduce in regular environment, but we test on a system running Varnish in front and two web servers.

1. open the shop, browse a bit;
2. log in and browse a bit again;
3. delete the contents of folder "out/pictures/generated/"
4. restart varnish;
5. you should be logged out after next few clicks.
Additional InformationThe problem is - image generator. for some reason it kills previous session and sends new cookie with new session id, but after click browser does not send new, send old cookie.

P.S. for details - contact me or Saulius S.
TagsNo tags attached.
ThemeAll
BrowserAll
PHP VersionNot defined
MySQL VersionNot defined

Activities

arvydas_vapsva

2013-12-20 09:06

reporter   ~0009370

Can be fixed by modifying .htaccess:

RewriteRule (\.jpe?g|\.gif|\.png)$ getimg.php

changing to:

RewriteRule (\.jpe?g|\.gif|\.png)$ getimg.php?skipSession=1

keywan.ghadami

2016-04-07 16:55

developer   ~0011524

to reproduce it it might be important that you enable

blForceSessionStart in config.inc.php

because this kind of problems you will always get if you remove session information from a request (see vcl "oxNormalizeRequestRecv" at the end cookies are doped for static files) but the request will create a new session.

btw for high performance sites it is NOT recommend to set blForceSessionStart to true.