View Issue Details

IDProjectCategoryView StatusLast Update
0005584OXID eShop (all versions)4.11. Image handlingpublic2024-01-24 15:26
Reporterarvydas_vapsva Assigned To 
Status resolvedResolutionunable to reproduce 
Product Version4.8.1 / 5.1.1 
Summary0005584: User sessions are killed
DescriptionAfter browsing in a shop after some time user is logged off.
Steps To ReproduceMight be possible to reproduce in regular environment, but we test on a system running Varnish in front and two web servers.

1. open the shop, browse a bit;
2. log in and browse a bit again;
3. delete the contents of folder "out/pictures/generated/"
4. restart varnish;
5. you should be logged out after next few clicks.
Additional InformationThe problem is - image generator. for some reason it kills previous session and sends new cookie with new session id, but after click browser does not send new, send old cookie.

P.S. for details - contact me or Saulius S.
TagsNo tags attached.
PHP VersionNot defined
Database VersionNot defined



2013-12-20 09:06

reporter   ~0009370

Can be fixed by modifying .htaccess:

RewriteRule (\.jpe?g|\.gif|\.png)$ getimg.php

changing to:

RewriteRule (\.jpe?g|\.gif|\.png)$ getimg.php?skipSession=1


2016-04-07 16:55

reporter   ~0011524

to reproduce it it might be important that you enable

blForceSessionStart in

because this kind of problems you will always get if you remove session information from a request (see vcl "oxNormalizeRequestRecv" at the end cookies are doped for static files) but the request will create a new session.

btw for high performance sites it is NOT recommend to set blForceSessionStart to true.


2024-01-24 15:26

administrator   ~0016187

We were not able to reproduce this in a recent version of the shop.