Jump to content

CC 3.0.8 and SSL problem - CART EMPTY


Guest drodrigz

Recommended Posts

Guest drodrigz

Hi Guys -

I've been running CC 3.0.7-pl1 smoothly with SSL (dedicated cert) and inside a frame on my website. Now, I've upgraded to CC 3.0.8 and started having problems with the cart.

Everytime you added items to the cart, they showed on the main page, but when you wanted to "view cart", it will return a page saying "your cart is empty". Initially I had done the "upgrade ONLY", but when this happened, I dedided to do a fresh re-install. I only saved my language files, and replaced everything (even losing my mods). The same problem persisted. I tried different skins, different browsers, and nothing.

Then, I decided to try to disable SSL, and it worked just fine!

So, SSL, frames, mods, etc. have been working since 3.0.5... but when I upgraded to 3.0.8, I cannot enable the SSL because I get the "cart empty" error.

This is surely a bug, can someone please look into this?

Thanks!

Daniel

Link to comment
Share on other sites

Guest mfauveau

Hi,

I'm running a highly (and when I say highly I weight my words) modified cubecart store with SSL and dedicated cert. I went trought a manual upgrade from 3.0.7-pl1 to 3.0.8 whithout any problem so far. The cart is working as expected.

Have no idea why your cart is acting weird, maybe this is not cause of SSL but in the way cubecart handle the products names... I remember one of my product that was never added to the cart because of a ' in an option name.

Usually to debug the cart, try add :

print_r($basket);

Just after :

$basket = $cart->cartContents($ccUserData[0]['basket']);

in :

/includes/content/cart.inc.php

If the array is empty, you can be pretty sure it's a session problem...

Hope this can help.

Link to comment
Share on other sites

Guest drodrigz

Ok, I did what you suggested. And tested it both with SSL on and off, here are the results of the prinout at the top of the page:

SSL ON:

Array ( [currentStep] => 1 [stepLimit] => 2 )

SSL OFF:

Array ( [currentStep] => 1 [stepLimit] => 2 [conts] => Array ( [6:21.24] => Array ( [quantity] => 1 ) ) )

I am not a programmer, so I don't know what this means...

Does this brings to light any possible causes?

BTW, everything else works fine with SSL ON, the admin area, registration, etc.

weird!

d

Link to comment
Share on other sites

Guest Paracelsus

I have this problem now too. Shared Cert, but since yours is dedicated that wouldn't seem to be the cause.

Exactly the same results from the diagnostic line too.

Link to comment
Share on other sites

Guest mashurst

I have this problem now too. Shared Cert, but since yours is dedicated that wouldn't seem to be the cause.

Exactly the same results from the diagnostic line too.

I am having the same problem too. A customer that used my site also had the problem and actually called my 800 number to place a phone order and then we figured out it wasn't just something that we were doing. We primarily use firefox, but have had it happen in IE too. If I delete my cookies from Firefox, and close the browser and then restart the order from scratch, I can get it to work. I haven't noticed the connection that in effect breaks the order, hense for me it doesn't happen all of the time and I couldn't duplicate it if I tried, it seems to happen for a reason I can't figure out.

I know in cc 3.08 that cookies were addressed in some manner, but I am currently running cc 3.07 with only 1 mod (Goober's coupon mod) and some minor skin mods.

I am dissappointed that you are having the same problem in cc 3.08 because I was hoping that if I upgraded from cc3.07pl1 that this wouldn't happen.

I also think you are right that it has something to do with SSL because I didn't have this problem until I switched to Paypal Pro and had to switch my site to SSL. I have shared ssl but agree with the previous post that shared vs. dedicated prob doesn't matter. At least, it shouldn't matter.

I am losing about 1/3 of my orders because of this it looks like.

-M B)

Link to comment
Share on other sites

Guest mashurst

I have this problem now too. Shared Cert, but since yours is dedicated that wouldn't seem to be the cause.

Exactly the same results from the diagnostic line too.

I am having the same problem too. A customer that used my site also had the problem and actually called my 800 number to place a phone order and then we figured out it wasn't just something that we were doing. We primarily use firefox, but have had it happen in IE too. If I delete my cookies from Firefox, and close the browser and then restart the order from scratch, I can get it to work. I haven't noticed the connection that in effect breaks the order, hense for me it doesn't happen all of the time and I couldn't duplicate it if I tried, it seems to happen for a reason I can't figure out.

I know in cc 3.08 that cookies were addressed in some manner, but I am currently running cc 3.07 with only 1 mod (Goober's coupon mod) and some minor skin mods.

I am dissappointed that you are having the same problem in cc 3.08 because I was hoping that if I upgraded from cc3.07pl1 that this wouldn't happen.

I also think you are right that it has something to do with SSL because I didn't have this problem until I switched to Paypal Pro and had to switch my site to SSL. I have shared ssl but agree with the previous post that shared vs. dedicated prob doesn't matter. At least, it shouldn't matter.

I am losing about 1/3 of my orders because of this it looks like.

-M B)

I think the key might be the PHP session ID that is associated with the guests versus when you login. It changes the php session id to a different id and then the cart gets disconnected from the person using the website. Don't know how to correct this, but it seems to make sense?

There are several other topics out there one the board for this exact same thing so it isn't isolated.

Link to comment
Share on other sites

Guest drodrigz

At least now I don't feel I'm alone in this problem. BTW, I do have goober's mod as well as one of stelle's. they both work fine in CC.3.0.8.... in un-secured mode. I haven't been able to enable my SSL since CC3.0.7-pl1... I'm acutally thinking now of rolling back.

I'll wait a little more to see if a patch comes along soon.

d

Link to comment
Share on other sites

Guest alarmed

Hi did you get this sorted?

Just found out I'm have the same problems.

1) if I log in it still shows guest in the log in box. (after welcome)

2) after selecting the item I want, they show up in the basket on the home page but not when I go to pay, basket is empty. it does notice that I'm logged in when on the View Basket page.

3) When I turn enable SSL to NO, click on store home link in admin, my whole cart runs through the (Absolute SECURE URL to store: ) route

is this correct? ( I thought it would only use this option if enable SSL was set to yes)

upgraded from 3.07p1 to 3.08

Installed Mods

SEO 5

Ebay Mod

Testimonials Mod

Regards Alarmed

Link to comment
Share on other sites

Guest mashurst

There hasn't been any resolution to this unfortunately. Brooky has been very helpful and has tried to duplicate the problem. He hasn't been able to duplicate the problem at my site, and I can't duplicate it consistently. As with any repair, it is hard to fix something if it isn't 100 percent broken, and I can understand that.

That being said, I definately have lost orders because of this so I am in a tough spot. I verified the way my ssl was set up with my web hosting provider to try and see if I had the path information wrong in my settings and here was their response:

----These paths are all correct; the problem is that you're passing cookie

information between domain names, and this isn't something that is normally

possible. I'm not sure if CubeCart has the support for it; but you have to

specify the cookie domains for both secure and insecure, this way the cookies

can store the domain crossing information and not be lost. OsCommerce does

have special coding in place to support this, but I don't know about

CubeCart.------

My webhost has cc 3.06 on fantastico so they know a little bit about it and have been helpful in the past with my questions. I am not sure that my paths are set up right as being with shared ssl I found the process to be confusing, but I did the best I could to verify that the store was working right and the path information was correct by the host.

I don't know what to say, other than to contact development to explain that this isn't an isolated occurence.

Link to comment
Share on other sites

Guest drodrigz

alarmed: no, i haven't been able to sort it out. I'm still non-SSL and I do think it's affecting my sales.

mashurst: You've gotten farther that I, so I really hope Brooky can take a look at this soon. I hope I could help Brooky in figuring out what has made our sites different.

So if there is anything I can help with, please let me know!

Thanks!

d

Link to comment
Share on other sites

Guest alarmed

All my paths were ok in 3.07p1 everything was working fine.

I'm also with a shared SSL (didn't think this was the problem though) I thought it was something I had done when upgrading using winmerge everything seemed to go fine, my carts not live at the minute so not in the same situation as you guys but if I can help any just let me know.

Alarmed

Link to comment
Share on other sites

Guest drodrigz

I've noticed another symptom. Several customers, after they've purchased something, and after they've paid with my payment gateway, they get sent back to the confirmed.php file, but a screen comes up saying that "You need to log in to see this page" or something like that (in my cart it's in spanish).

I'm sure this has something to do with the problem of closing the session and the cookies that are causing the whole "empty cart" bug.

Has there been any progress in finding a cure?

Thanks!

d

Link to comment
Share on other sites

Guest mashurst

I've noticed another symptom. Several customers, after they've purchased something, and after they've paid with my payment gateway, they get sent back to the confirmed.php file, but a screen comes up saying that "You need to log in to see this page" or something like that (in my cart it's in spanish).

I'm sure this has something to do with the problem of closing the session and the cookies that are causing the whole "empty cart" bug.

Has there been any progress in finding a cure?

Thanks!

d

no cure, I lost 2 sales today. The customers described the problem exactly in an email to my customerservice address.

I only do about 5 sales a day, so it is a big loss as my business is in the growth stage.

I have had that login error happen to me in the past but not with the current configuration. I would gladly take the login error as long as they were able to buy the products that they put in the cart.

at wits end with this.

-M :)

Link to comment
Share on other sites

Yes a real problem you dont want to not have ssl as this may deter people from using your site and if you do you risk loosing the customer because they cant log in.

I cant believe none of the admins have even posted reply's to these topics there is atleast 10 - 15 threads on this issue and not a word has been said along the lines of we are working on a fix or anything ?

Link to comment
Share on other sites

Guest alarmed

Yes a real problem you dont want to not have ssl as this may deter people from using your site and if you do you risk loosing the customer because they cant log in.

I cant believe none of the admins have even posted reply's to these topics there is atleast 10 - 15 threads on this issue and not a word has been said along the lines of we are working on a fix or anything ?

yes I'm a bit concerned that no one has commented on this post,

I'm looking at cubecart to be my online shopping cart for work, making sure I understand cubecart and the requirements I need before purchasing a license and then going live, it's not looking good :)

Having just deleted 3.08 and re-uploaded my backup copy of 3.07pl1 I'm not happy to say than i'm still getting the login problems?????

so is it a database problem?

or has my server change some of their settings?

Alarmed

Link to comment
Share on other sites

Guest mashurst

had another customer contact me by phone to place an order because they couldn't view their cart.

I believe the cause of the error, restated, is when a customer adds something to their cart, a Session I.D. is generated and displayed in the URL location of the browser as ccuser= "SID" The SID is MD5 hash it looks like and unique to that users session.

When the customer clicks on view basket, at least in my case, they should be able to look at the contents of their basket, and the url should still have their SID in the bar. That SID corresponds to a SID entry in the cubecart_sessions area of the mySQL database for my store, which has the contents of their cart. I guess also a cookie with that SID is placed on the users hard drive and the cookie and the MySQL SID both match.

However, when the error occurs, when the user clicks on view basket, that SID is not present next to ccuser= but rather it is blank. example store url.......ccuser=alkjoajaklajfoijfe

error - url.......ccuser=

can anyone also confirm this symptom? I have trouble duplilcating this on a consistent basis. I was able to duplicate the problem last night, but I don't know why. I duplicated by starting a session on one laptop. I went to my store and tried to buy an item on the one laptop. While that session was working, I went into the store on a second laptop and tried to buy an item. The second session on the opposite laptop failed. Not only did it fail, but I couldn't get it working in either IE or firefox and deleting all cookies did not. I thought firefox and IE stored their cookies in different spots, which made me think that the problem exists on the server side primarily and not the browser side.

I am guessing that because the path to the store is different, and the url has to be rewritten when a customer is on the secure side, i.e. rewriting the url from http to https along with different paths, the url rewrite isn't successful and hence the url is bad and the user can't view the contents of the cart that matches that SID.

To prevent stealing a session by a user giving another user the SID and having them enter it into the browser to view the data associated with that session, I believe the SID has to be stored on the browser of the user that started the session.

I don't know how cc pulls the data, but one way that cookie info can be retrieved is via the $_REQEST superglobal function. For instance, $_REQUEST['sessionid'] will retreive the SID just as $_GET['sessionid'] or $_COOKIE['sessionid'] would in their respective scenerios. Usually, using the superglobal that best matches the variables place of origin is best.

Since globals have been an issue since cc3.06, I am wondering if the session propagation and management has been affected in subsequent versions. I still wanted to try to go from cc3.07pl1 to cc3.08 but everyone in this forum and others is saying that they are having the problem in cc3.08 also, so why put in the time to upgrade and redo all of my mods.

Does anybody know better how cc handles sessions and what maybe the disconnect could be?

-M :)

Link to comment
Share on other sites

Guest alarmed

Hi I had to go back to cubecart 3.07 to get the basket and login user to work properly with my same settings, so whats going on?

sorry not much help but I can't beleave this is not mentioned more

seriously thinking about uninstalling my upgraded 3.08 which is not working and starting again with 3.07.......

alarmed

Link to comment
Share on other sites

Guest mashurst

Big thanks to user estelle for recommending this workaround.

Basically, the idea of making the whole site ssl.

here is the post:

http://www.cubecart.org/forums/index.php?showtopic=205

I've noticed another symptom. Several customers, after they've purchased something, and after they've paid

I went back to non ssl and paypal ipn standard and sometimes the confirmed screen works on the redirect and sometimes it doesn't.

I don't understand how these errors can be intermittent, if it is broken, it is broken, right?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...