View Issue Details

IDProjectCategoryView StatusLast Update
0007251OXID eShop (all versions)1.05. Userspublic2021-07-07 12:26
ReporterKIRATIKdevs Assigned To 
PrioritylowSeverityminorReproducibilityalways
Status acknowledgedResolutionopen 
Product Version6.1.5 
Summary0007251: Delete shipping address fails if cookies are cleared in between
DescriptionWhen user will open "Billing and shipping addresses" page in account settings and then clear cookies during an attempt to delete additional shipping address, the shop crashes.
An error is triggered in line 594 of OxidEsales\EshopCommunity\Application\Component\UserComponent.
Steps To Reproduce- Log in with a customer account
- Click on "My account > My account > Billing and shipping addresses"
- Deactivate option "Use billing address for shipping"
- Add a new shipping address, if you don't have one
- Select this shipping address
- Now clear your cookies
- Then click on delete and confirm
You will see the maintenance mode for some seconds, then it redirects to the home page and you're logged out.
Additional InformationIf you clear your cookies your session ends and you get logged out of the shop. Usually this does not lead to any problems. In this specific case the shipping address' delete button still works You can start the deletion process without any issues, but as soon as you confirm the deletion the UserComponent can't find the user, since no user is logged in anymore due to the end of the session triggered by clearing the cookies.

Error in log:

OXID Logger.ERROR: Call to a member function getId() on bool ["[object] (Error(code: 0): Call to a member function getId() on bool at /var/www/oxideshop/vendor/oxid-esales/oxideshop-ce/source/Application/Component/UserComponent.php:611)\n[stacktrace]\n#0 /var/www/oxideshop/vendor/oxid-esales/oxideshop-ce/source/Application/Component/UserComponent.php(596): OxidEsales\\EshopCommunity\\Application\\Component\\UserComponent->canUserDeleteShippingAddress(Object(OxidEsales\\Eshop\\Application\\Model\\Address))\n#1 /var/www/oxideshop/vendor/oxid-esales/oxideshop-ce/source/Core/Controller/BaseController.php(534): OxidEsales\\EshopCommunity\\Application\\Component\\UserComponent->deleteShippingAddress()\n#2 /var/www/oxideshop/vendor/oxid-esales/oxideshop-ee/Core/Controller/BaseController.php(64): OxidEsales\\EshopCommunity\\Core\\Controller\\BaseController->executeFunction('deleteShippingA...')\n#3 /var/www/oxideshop/vendor/oxid-esales/oxideshop-ce/source/Application/Controller/FrontendController.php(548): OxidEsales\\EshopEnterprise\\Core\\Controller\\BaseController->executeFunction('deleteShippingA...')\n#4 /var/www/oxideshop/vendor/oxid-esales/oxideshop-ce/source/Core/ShopControl.php(398): OxidEsales\\EshopCommunity\\Application\\Controller\\FrontendController->init()\n#5 /var/www/oxideshop/vendor/oxid-esales/oxideshop-ce/source/Core/ShopControl.php(278): OxidEsales\\EshopCommunity\\Core\\ShopControl->_initializeViewObject('OxidEsales\\\\Esho...', 'deleteShippingA...', NULL, NULL)\n#6 /var/www/oxideshop/vendor/oxid-esales/oxideshop-ce/source/Core/ShopControl.php(142): OxidEsales\\EshopCommunity\\Core\\ShopControl->_process('OxidEsales\\\\Esho...', 'deleteShippingA...', NULL, NULL)\n#7 /var/www/oxideshop/vendor/oxid-esales/oxideshop-ce/source/Core/Oxid.php(27): OxidEsales\\EshopCommunity\\Core\\ShopControl->start()\n#8 /var/www/oxideshop/source/index.php(16): OxidEsales\\EshopCommunity\\Core\\Oxid::run()\n#9 {main}\n"] []
TagsNo tags attached.
ThemeNot defined
BrowserGoogle Chrome
PHP Version7.1
Database VersionMariaDB 10.4

Activities

QA

2021-07-07 12:21

administrator   ~0013464

Last edited: 2021-07-07 12:26

Thanks for your entry. I managed to reproduce the issue and added steps to reproduce as well as some additional information. I would appreciate if you add some more specific steps on your next entry. Every informaton may help to invesigate the issue better.

Since I was able to reproduce the issue, I acknowledged it. However, it's normal to loose your session if you delete the cookies. I don't see why a user want to delete his cookies between actions he is taking on the website. Usually the cookies are cleared after the user is done with whatever he wanted to do on the website - mostly if he closes the browser. You may add some feedback for us as a note, but currently I classify the issue as rarely triggered in real world scenarios. Also the user may relog directly after the redirect and start the deletion again. As long as he does not clear cookies again, he does not encounter any trouble and the shop works as intended.

Anyway, I agree, that the delete process should not start and later fail. If the session is lost due to clearing the cookies, the redirect and logout should happen immediately without triggering any error.

[sp]