View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006933 | module PayPal Plus | module PayPal Plus - sub | public | 2018-12-17 12:09 | 2018-12-18 10:05 |
Reporter | naehwelt | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | acknowledged | Resolution | open | ||
Summary | 0006933: IE compatibility mode in PPP widget causes session swap by coming back to shop | ||||
Description | ppp: 2.0.4, shop: 4.10.7

In the paypal-module this scenario works well, because of the **rtoken** parameter in all backlinks: [oxid-esales/paypal-module oePayPalDispatcher::_getBaseUrl](https://github.com/OXID-eSales/paypal/blob/eb7d0ea23621696602bad3a767becfb3f0e8eb31/source/modules/oe/oepaypal/controllers/oepaypaldispatcher.php#L121)

workaround/fix:

```php
class paypPayPalPlusConfig extends paypPayPalPlusSuperCfg
{
    // ...

    /**
     * Get a clean base URL of an active (sub-)shop suitable to pass to PayPal API.
     *
     * @return string
     */
    public function getShopBaseLink()
    {
        // Append the session's remote access token (rtoken) to the base URL,
        // as the PayPal module does for its backlinks.
        $remoteToken = oxRegistry::getSession()->getRemoteAccessToken();
        $url = $this->getShop()->getConfig()->getShopSecureHomeURL() . "rtoken={$remoteToken}&";

        // Decode HTML-escaped separators before the URL is handed to the PayPal API.
        return (string) str_replace('&amp;', '&', $url);
    }

    // ...
}
```
Tags | No tags attached. | ||||

Please let us know how to reproduce the behaviour you describe, as it is not clear exactly what is meant.

Step1
Step2
...

What should be replaced in your fix?

`return (string) str_replace('&amp;', '&', $url);`

1. Please take a closer look at the methods:
   - oxSession::_isSwappedClient
   - oxSession::_checkUserAgent
   - oxSession::getRemoteAccessToken

   Steps to reproduce:

   1. IE 11, oxid 4.10.7 (but I'm pretty sure it's also broken in the 6x branch), paypalplus 2.0.4, enable debug mode
   2. drop some items in the basket => index.php?cl=payment
   3. select any paypalplus payment method => continue
   4. now you should be forwarded to the paypal payment page: https://www.paypal.com/webapps/hermes?country=DE&useraction=continue&token=...&country.x=DE&locale.x=de_DE
   5. here you will be automatically switched to the compatibility mode (your browser now sends a modified user-agent header)
   6. click on the cancel button or any other backlink to your shop
   7. back to your shop, the oxSession::start will detect that your user-agent header has changed and will initialize a new session

   The workaround/fix is to add a rtoken parameter to all relevant URLs of PayPal\Api\RedirectUrls. The method oxSession::getRemoteAccessToken and its counterpart oxSession::_isValidRemoteAccessToken seem to be implemented exactly for this edge case. This approach is successfully used in the paypal-module, but not yet in the paypalplus-module.

2. Nothing should be replaced. The parameter "rtoken={$remoteToken}&" should be added to the base URL. Just compare my method with the original one (paypPayPalPlusConfig::getShopBaseLink).
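
The behaviour described in the reproduction steps, as an added example that is not part of the ticket and is not OXID or PayPal Plus module code: a simplified model of a session that starts over when the user-agent header changes, unless the back link carries a valid rtoken. The class `SessionModel`, its methods, the `shop.example` URL and both user-agent strings are assumptions constructed for illustration.

```php
<?php
// Simplified model (assumption): NOT OXID's oxSession code. All names here are
// hypothetical and only mirror the behaviour described in the ticket.
final class SessionModel
{
    private $agent;   // user-agent recorded when the session was created
    private $rtoken;  // per-session remote access token

    public function __construct(string $agent)
    {
        $this->agent  = $agent;
        $this->rtoken = bin2hex(random_bytes(16));
    }

    public function getRemoteAccessToken(): string
    {
        return $this->rtoken;
    }

    // True when the request is treated as a different client (new session).
    public function isSwappedClient(string $requestAgent, ?string $requestRtoken): bool
    {
        // A valid rtoken on the request skips the user-agent comparison.
        if ($requestRtoken !== null && hash_equals($this->rtoken, $requestRtoken)) {
            return false;
        }
        return $requestAgent !== $this->agent;
    }
}

// Constructed sample headers: IE 11 in native mode and in compatibility mode.
$ie11   = 'Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko';
$compat = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0)';

$session = new SessionModel($ie11);          // session created in the shop
$base    = 'https://shop.example/index.php?'; // placeholder shop URL

// Back link without rtoken, and with rtoken as in the proposed workaround.
$plain = $base . 'cl=payment';
$fixed = $base . 'rtoken=' . $session->getRemoteAccessToken() . '&cl=payment';

foreach (['without rtoken' => $plain, 'with rtoken' => $fixed] as $label => $url) {
    // The browser returns from PayPal in compatibility mode in both cases.
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    $swapped = $session->isSwappedClient($compat, $query['rtoken'] ?? null);
    printf("%-15s %s\n", $label, $swapped ? 'new session started' : 'session kept');
}
```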