View Issue Details

ID: 0006064
Project: OXID eShop (all versions)
Category: 4.02. Session handling
View Status: public
Last Update: 2020-06-02 11:51
Reporter: gregor.hyneck
Priority: normal
Severity: major
Reproducibility: random
Status: acknowledged
Resolution: open
Product Version:
Target Version:
Fixed in Version:
Summary: 0006064: Login in subshop is valid in the parent shop
Description: When a user logs in to the subshop, he is also logged in to the parent shop (when opening them both in two browser tabs). The sid cookies of both shops remain the same if you refresh the tabs alternately. They do not refresh their sid cookie because the variable actshop is written to $_SESSION before session_start() was called (e.g. in oxconfig::init()). The variables written to $_SESSION before session_start() are not reliable (sometimes they get deleted, sometimes not).
Steps To Reproduce:
- create a subshop which inherits "settings, articles" from the parent shop (version EE 5.23)
- check that confbools[blMallUsers] is set to unchecked in the parent shop mall tab
- open 2 tabs in your browser (Firefox 36 or Chrome 40): one with the parent shop and one with the subshop (&shp=2)
- create an account within the subshop and log in
- reload the tab with the parent shop: the user from the subshop is logged in to the parent shop. The value of the sid cookie is not refreshed for the parent subshop.
Additional Information: A bloody hotfix would be to save the variables of $_SESSION before session_start() and restore them afterwards.
Tags: EE
Theme: Azure
Browser: All
PHP Version: 5.3
Database Version: 5.5

Relationships

related to 0003075 (resolved, Linas Kukulskis): Active subshop ID value is dropped from session, default shop id is set
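
One way to order the steps so the shop check runs on reliable data, as an added example in PHP that is not OXID eShop code and not part of the report: the session is started first, the stored actshop value is compared with the requested shop, and only then is actshop written. The function name, the $mallUsers flag (standing in for the blMallUsers setting), the user_id key and the policy of dropping the login on a shop change are assumptions.

```php
<?php
// Added example, not OXID eShop code. startShopSession(), $mallUsers and the
// 'user_id' key are hypothetical; 'actshop' is the variable named in the report.

/**
 * Start the session before touching $_SESSION, then compare the shop id the
 * session was bound to with the shop requested now.
 */
function startShopSession(int $requestedShopId, bool $mallUsers): void
{
    $early = [];
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // session_start() rebuilds $_SESSION from the stored session, so keep a
        // copy of anything written earlier (the hotfix idea from the report).
        $early = (array) ($_SESSION ?? []);
        session_start();
    }

    $boundShopId = $_SESSION['actshop'] ?? null;
    $shopChanged = $boundShopId !== null && (int) $boundShopId !== $requestedShopId;

    if ($shopChanged && !$mallUsers) {
        // Assumed policy: without shared mall users, a login made in one shop
        // must not be honoured in another. Drop the state and issue a new id.
        $_SESSION = [];
        session_regenerate_id(true);
    } else {
        // Restore early writes without overriding values loaded from storage.
        $_SESSION += $early;
    }

    // Written after session_start(), so the next request reliably sees it.
    $_SESSION['actshop'] = $requestedShopId;
}

if (PHP_SAPI === 'cli') {
    // Constructed walk-through: log in at subshop 2, then request parent shop 1.
    startShopSession(2, false);
    $_SESSION['user_id'] = 'constructed-user';
    startShopSession(1, false);
    // Prints whether the login key survived the shop switch, and the bound shop.
    var_dump(isset($_SESSION['user_id']), $_SESSION['actshop']);
}
```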

Activities

lambreva

2020-06-02 11:51

developer   ~0013248

Hi, I found similar behaviour related to this issue. I worked with a clean shop installation of version 6.2 (I used the b-6.2.x branch) without installed modules. I created a sub-shop using the 'Shop inherits all inheritable items (products, discounts etc) from it's parent shop.' option, and as the parent shop I used 'OXID eShop 6 (1)'. I logged in to the frontend of shop 1 with the '[email protected]' user and password 'useruser'. Then in the same tab of the browser I opened shop 2 and checked my account area; I even finalized an order in it without any problems. Then I logged out from shop 2 and tried to log in again, and then I received the error message 'Wrong e-mail address or password!'.

create-subshop.png (60,758 bytes)