What code is triggered by "Add to cart"?

[lat9]

Who is your webhost?

[flyvholm]

Justhost. I've also read about users having session problems due to Suhosin, but a phpinfo on the host server reveals Suhosin isn't installled.

[flyvholm]

So in order to troubleshoot I'm still stuck with the original question... what code is executed immediately upon clicking "add to cart", before application_top.php?

[mc12345678]

The action to be performed/location to go based on clicking a button in a form is identified at the start of the form. Once the code has been parsed to display on the screen, the full path can be realized. Generally speaking, either the next action is to load a specific file or to have index.php process the request. I'm not sure what the "test" was to determine that application_top had not been loaded as part of the redirect or not but it is unusual for the zenID/Token to change when the routine conditions for a time-out have not occurred.

Besides adding custom pages which are assumed to play a factor in why there may be a session issue, where did you obtain the files installed to run ZC? How was it installed? I know there is something about the php.ini file that I should ask, but can't think of it at the moment. Settings associated to it can be found in the admin panel version section.

As for the notifier trace that was performed earlier, may want to look at what was notified prior to the cart portion as somewhere previously may be the "controller" that directed to load the timeout after parsing the cart code. Might look for a start that does not have an end or if it does that the end is after the timeout being loaded/parsed...

[lat9]

So in order to troubleshoot I'm still stuck with the original question... what code is executed immediately upon clicking "add to cart", before application_top.php?

Quick answer: nothing.

application_top.php is the first module loaded by /index.php. The module that does get control on an add-to-cart action is /includes/main_cart_handler.php, loaded late in the start-up process; depending on the cart-related request, it will call one of the shopping_cart class functions.

[flyvholm]

I made two huge mistakes. application_top does indeed execute immediately after clicking "add to cart", then it runs a second time after the redirect. I only saw the output from the second instance because I was writing it to a file without appending.
So I tracked the problem as far as: application_top.php -> autoload_func.php -> init_sessions.php -> zen_session_start() -> session_start()
This function assigns the variable $_SESSION['securityToken'] which must match $_POST['securityToken'] to avoid being redirected to the timeout page later. In Chrome and Opera (but not Firefox or Safari) a non-matching security token was assigned, hence the trouble.
I did not troubleshoot further because at this point I realized another mistake. I had not tested a very simple fix that had worked for others: Changing the HTTP_SERVER in the configure.php files to the secure address used for the HTTPS_SERVER. I mistakenly thought that issue was only on servers with Suhosin enabled, but apparently not. Session timout errors be gone...