Authorize.net SIM module - Whoops! Your session has expired error

Using PHP 5.4.20, MySQL 5.1.56-log

Recently needed to upgrade from an old version of Zen Cart (1.3.8) because my host forced an upgrade to PHP 5.4.

Installed Zen Cart using 1-click install on Dreamhost servers and then connected to the old database and upgraded it. Did a WinMerge comparison on my copy of the site files and the clean Zen Cart 1.3.8 files in order to replicate customizations (turned out these weren't edits to core files so much as templates and language directories).

Applied the POODLE fix.

Still got an error trying to make a purchase. It was the Authorize.net Error 99.

Applied this fix: http://www.zen-cart.com/showthread.p..._currency_code

That got me one step further -- was able to connect to Authorize.net's page where you enter the credit card info.

But after entering credit card and clicking "Pay now", it immediately showed my site without a stylesheet and displayed the error:

"Whoops! Your session has expired."

I've reviewed the SIM setup page (http://www.zen-cart.com/content.php?...payment-module), though it's possible I've overlooked some detail, since I'm not exactly a developer (just a designer with a basic understanding of programming languages).

I've searched through the forums on related threads for 3-4 hours this morning, examining issues and trying fixes if they seemed to apply. But most of them seemed slightly different than mine.

One that seems a possibility is this, simply because I am using an older template (Cold Steel) that I got when we first installed back in 2009:
http://www.zen-cart.com/showthread.p...on-has-expired

However, when I changed my template to the Classic Contemporary Green (which I assume is fresh from the new install), I still got the Whoops error. That leads me to think it's not related to the template, after all.

Oh, and one more detail: After getting the "session has expired" error, I am still at the URL https://secure.authorize.net/gateway/transact.dll - one time I tried hitting F5 and then got Error (13) The merchant login ID or password is invalid or the account is inactive.

Did that happen because I pressed F5 without actually filling out the whole form properly? Or is that something useful, like a real error that might be the culprit of the expired session issue?

I'm just not sure what to look for next, how to diagnose what's really happening.

Below is the debug log from my latest attempt (with some name/phone/addy data changed to obscure personal info):

Code:

---

Nov-13-2014 11:06:26
=================================

Sent to Authorizenet: Array
(
    [x_login] => *******
    [x_amount] => 8.00
    [x_currency_code] => USD
    [x_version] => 3.1
    [x_method] => CC
    [x_type] => AUTH_CAPTURE
    [x_cust_ID] => 10
    [x_email_customer] => FALSE
    [x_company] =>
    [x_first_name] => Teddi
    [x_last_name] => Deppner
    [x_address] => 1234 Main St
    [x_city] => Sacramento
    [x_state] => California
    [x_zip] => 95123
    [x_country] => United States
    [x_phone] => 916-123-1234
    [x_fax] =>
    [x_email] => [email protected]
    [x_ship_to_company] =>
    [x_ship_to_first_name] =>
    [x_ship_to_last_name] =>
    [x_ship_to_address] =>
    [x_ship_to_city] =>
    [x_ship_to_state] =>
    [x_ship_to_zip] =>
    [x_ship_to_country] =>
    [x_Customer_IP] => 64.30.101.78
    [x_relay_response] => TRUE
    [x_relay_URL] => http://www.faithalive################/store/index.php?main_page=checkout_process&action=confirm
    [x_invoice_num] =>
    [x_duplicate_window] => 120
    [x_allow_partial_Auth] => FALSE
    [x_description] => Website Purchase from Faith Alive 365
    [x_fp_sequence] => 477
    [x_fp_timestamp] => 1415905586
    [x_fp_hash] => 83f649fa3f8dd8e51f1e993eecbd6230
    [x_show_form] => PAYMENT_FORM
    [x_receipt_link_method] => POST
    [x_receipt_link_text] => Click here to complete your order.
    [x_receipt_link_url] => http://www.faithalive################/store/index.php?main_page=checkout_process
    [zenid] => laV6cpKoNg,DciZW5O-Zl1
    [url] => https://secure.authorize.net/gateway/transact.dll

---

I've been impressed with the responses to other threads (especially by the prolific and knowledgable DrByte), and thank you all in advance for any help you can offer! :smile:

You will be redirected to the timeout page if you hit the checkout_process script 3 times without completing an actual payment. This is to protect against credit card thieves using your site to test their stolen card numbers.
Log out and then do your test again.

Does using this module solve your problem? http://www.zen-cart.com/showthread.p...64#post1263564

I saw that post and was very excited. I uploaded the new file... and then realized it's for AIM, not SIM. We don't have an SSL cert, and my understanding is that the AIM module requires it. Is my understanding correct?

UPDATE: It is working now. I did not change anything in the files. Here's what I did:

I opened an incognito window in Chrome and tried the purchase process there. And it worked!

Also, just got confirmation that it worked for someone else, too.

So.... I'm guessing (and it's just a guess!) the currency issue was the only real problem and then after that... Maybe the session trouble was because I was logged in to the admin area at the same time as logging in under a different user to make the purchase (all in the same browser). Is that a reasonable guess?

You probably had an invalid session cookie in your browser, and that was failing the login. Closing the browser usually solves that, or telling your browser to clear its cache and cookies.

More people have been using the store since I last posted. When using Internet Explorer it works fine. But when using Chrome, they are getting the Session Expired message. The payment goes through Authorize (and if they try several times, they get charged several times), but Zen Cart never records their order. All we can do is refund them and then try to contact them to help them order.

This is happening with new customers who have never ordered from us, so that rules out cache and cookies as the problem, wouldn't it? It leads me to wonder what other differences there are between an incognito window and a regular one. Incognito seems to work every time. Regular Chrome window doesn't.

Any other possibilities? Any ideas for tests I can run to diagnose it further?

It makes me wonder whether you've got certain plugins installed in Chrome that are triggering multiple submissions. Incognito mode often disables plugins unless you've specifically asked it to enable them in Incognito mode. That could explain the difference you're experiencing.

If it's not you and only your customers who are having the problem, then poll them to find out a complete list of all their browser plugins, and then review the list for similarities and trends.

I also wonder if there are certain addons you've put onto your store/site that might be getting triggered in some peculiar way by certain browsers.
It's curious why there aren't hundreds of others reporting identical symptoms ... thus the suspicion that it's something unique to your own site.

Quote:

---

Originally Posted by tmdeppner

Using PHP 5.4.20, MySQL 5.1.56-log

on Dreamhost servers

"Whoops! Your session has expired."

---

Check this PHP configuration setting:
1. Admin->Tools->Server Info ... Press CTRL+F to "search the page" and search for session.hash_bits_per_character
2. If session.hash_bits_per_character is set to 6, then you'll need to apply this fix: http://www.zen-cart.com/showthread.p...02#post1270902

Yes, the session.hash_bits_per_character is set to 6. I applied the fix and went through the purchase process, and it appears to have worked! I notified my client so he could give it a try on some other browsers and confirm things.

THANK YOU for your help and for following up. Much appreciated.